Susp_Dropper (Kaspersky), Gen:Variant.Zusy.97960 (B) (Emsisoft), Gen:Variant.Zusy.97960 (AdAware)
Behaviour: Malware
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 339ba7657a5d27939266a8f81b54d149
SHA1: f31f681993058d10fed73ca7111b0a683debdd1b
SHA256: 45cafcb6244ecac1594e41c2900f4d2e28ffdd36c0af3490e8fa60fee3fbf234
SSDeep: 6144:FIWbEGsxdTGzTb1P6LG/J9hS14sCIFQwaEyUNxYrYBei6CJYYbv:FISEGsx68LG/J9h1sQuxYrQUCJfv
Size: 335776 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2014-06-30 12:28:36
Analyzed on: WindowsXP SP3 32-bit
Summary: Malware. Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Malware creates the following process(es):
No processes have been created.
The Malware injects its code into the following process(es):
%original file name%.exe:1876
Mutexes
The following mutexes were created/opened:
No objects were found.
File activity
The process %original file name%.exe:1876 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\css\style.css (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\css\images\butpause.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\bg_app[1].png (3072 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\css\position4A.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\css\position3C.css (638 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\css\images\screen-vafmusic.png (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\css\images\show.png (235 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\css\images\screen-zipper.png (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\config.dmc (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\css\images\screen-geaudioconverter.png (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\css\position3A.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\css\position3D.css (539 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\exe\options.html (965 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\css\images\screen-printpdf.png (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\exe\instalando.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\css\images\boton.jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\css\images\screen-vafplayer.png (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\css\position2A.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\css\base.css (265 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dfsD.tmp (1789 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\css\images\screen-gevideoconverter.png (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\css\position1A.css (421 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\css\images\less.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\safe[1].png (1521 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\loading[1].css (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\box[1].htm (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\css\images\progress.png (4 bytes)
%System%\wbem\Logs\wbemprox.log (228 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\css\images\check-close.png (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\loading[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\exe\close.html (384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\box[1].html (959 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\temp\templateDisplays.dfe (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\css\images\bg_app.png (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\exe\finish.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\css\images\screen-olivebrowser.png (13 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\css\jquery.min.js (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\css\images\bullet.gif (58 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\temp\Dockings.dfe (5572 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin.dmc (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\css\images\progress_small.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\doma[1].js (73 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\css\images\logo-win.jpg (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\css\images\check.png (398 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\exe\box.html (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\css\position2B.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\css\images\check.jpg (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\css\images\more.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\css\images\butplay.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\css\images\screen-miul.png (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\css\images\percentage-bg.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\css\images\cross.jpg (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\css\images\hide.png (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\css\position3B.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\secure[1].jpg (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\temp\templateStyle.dfe (45012 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\css\images\bullet-short.gif (54 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\css\position2C.css (578 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\exe\group.html (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\css\images\boton_xl.jpg (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\css\images\progress_small_bg.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\css\images\screen-ifish.png (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\b9b7c0ef-a281-47dd-a30b-121941311963\bin\exe\welcome.html (151 bytes)
Registry activity
The process %original file name%.exe:1876 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1E 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "%original file name%.exe"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1404120516"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8B E6 EE A8 B5 30 A7 DF 96 E5 4F 46 EE 7A 4B FF"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
The Malware modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Malware modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Malware modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Malware deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
Dropped PE files
MD5 | File path |
---|---|
6a23beb2b76338c8f124532fdd2c652c | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\dfsD.tmp |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager): No processes have been created.
- Delete the original Malware file.
- Delete or disinfect the files created/modified by the Malware (listed under File activity above).
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
No information is available.
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 753664 | 232448 | 5.54459 | 73ac987bcca216a0688e98e6bec6a755 |
.rsrc | 757760 | 98304 | 96256 | 5.08144 | 4a72837e114b2fd8d4a4d016dc952cc2 |
.reloc | 856064 | 512 | 512 | 0.188401 | ca001c7c4d67f995b8191dc8eedfef0e |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Total found: 267
Network Activity
URLs
URL | IP |
---|---|
hxxp://API-XML-1918203848.us-west-2.elb.amazonaws.com/index.php/apiLoading/1026.html | |
hxxp://staticrr.tgusrv.com/Loading/b111f3f2_loading_java-similar/box.html | |
hxxp://staticrr.tgusrv.com/Loading/b111f3f2_loading_java-similar/loading.css | |
hxxp://staticrr.tgusrv.com/sdb/doma.js | |
hxxp://staticrr.tgusrv.com/Loading/b111f3f2_loading_java-similar/images/bg_app.png | |
hxxp://staticrr.tgusrv.com/Loading/b111f3f2_loading_java-similar/images/safe.png | |
hxxp://staticrr.tgusrv.com/Loading/b111f3f2_loading_java-similar/images/secure.jpg | |
hxxp://staticrr.tgusrv.com/Loading/b111f3f2_loading_java-similar/images/loading.gif | |
hxxp://API-XML-1918203848.us-west-2.elb.amazonaws.com/index.php/api/361/JFileManager/638/1026/English/WW.xml | |
hxxp://staticrr.tgusrv.com//Styles/Templates/e9c1a9ca_Win_A_Banner_DeclineLink.zip | |
hxxp://staticrr.tgusrv.com//Displays/Templates/756e2734_Win_A_Banner-NoLink-DeclineLink-Java.zip | |
hxxp://staticrr.tgusrv.com//Docking/Docking.zip | |
hxxp://api.v2.secdls.com/index.php/api/361/JFileManager/638/1026/English/WW.xml | 54.200.36.178 |
hxxp://staticrr.cloudbox106.com//Docking/Docking.zip | 85.12.5.27 |
hxxp://api.v2.secdls.com/index.php/apiLoading/1026.html | 54.200.36.178 |
hxxp://staticrr.safetydownload.net/Loading/b111f3f2_loading_java-similar/images/bg_app.png | 85.12.5.27 |
hxxp://staticrr.safetydownload.net/Loading/b111f3f2_loading_java-similar/loading.css | 85.12.5.27 |
hxxp://staticrr.cloudbox106.com//Displays/Templates/756e2734_Win_A_Banner-NoLink-DeclineLink-Java.zip | 85.12.5.27 |
hxxp://staticrr.safetydownload.net/Loading/b111f3f2_loading_java-similar/box.html | 85.12.5.27 |
hxxp://staticrr.safetydownload.net/Loading/b111f3f2_loading_java-similar/images/secure.jpg | 85.12.5.27 |
hxxp://staticrr.safetydownload.net/Loading/b111f3f2_loading_java-similar/images/safe.png | 85.12.5.27 |
hxxp://staticrr.safetydownload.net/Loading/b111f3f2_loading_java-similar/images/loading.gif | 85.12.5.27 |
hxxp://staticrr.paleokits.net/sdb/doma.js | 185.2.179.74 |
hxxp://staticrr.cloudbox106.com//Styles/Templates/e9c1a9ca_Win_A_Banner_DeclineLink.zip | 85.12.5.27 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /Loading/b111f3f2_loading_java-similar/box.html HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: staticrr.safetydownload.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 22 Jul 2014 21:06:19 GMT
Content-Type: text/html
Last-Modified: Wed, 28 May 2014 17:14:38 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
<<< skipped >>>
GET /Loading/b111f3f2_loading_java-similar/loading.css HTTP/1.1
Accept: */*
Referer: hXXp://staticrr.safetydownload.net/Loading/b111f3f2_loading_java-similar/box.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: staticrr.safetydownload.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 22 Jul 2014 21:06:20 GMT
Content-Type: text/css
Content-Length: 6234
Last-Modified: Wed, 28 May 2014 17:14:38 GMT
Connection: keep-alive
ETag: "5386197e-185a"
Accept-Ranges: bytes
<<< skipped >>>
GET /Loading/b111f3f2_loading_java-similar/images/bg_app.png HTTP/1.1
Accept: */*
Referer: hXXp://staticrr.safetydownload.net/Loading/b111f3f2_loading_java-similar/box.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: staticrr.safetydownload.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 22 Jul 2014 21:06:20 GMT
Content-Type: image/png
Content-Length: 20761
Last-Modified: Wed, 28 May 2014 17:14:38 GMT
Connection: keep-alive
ETag: "5386197e-5119"
Accept-Ranges: bytes
<<< skipped >>>
GET /Loading/b111f3f2_loading_java-similar/images/secure.jpg HTTP/1.1
Accept: */*
Referer: hXXp://staticrr.safetydownload.net/Loading/b111f3f2_loading_java-similar/box.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: staticrr.safetydownload.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 22 Jul 2014 21:06:20 GMT
Content-Type: image/jpeg
Content-Length: 19602
Last-Modified: Wed, 28 May 2014 17:14:38 GMT
Connection: keep-alive
ETag: "5386197e-4c92"
Accept-Ranges: bytes
<<< skipped >>>
GET /sdb/doma.js HTTP/1.1
Accept: */*
Referer: hXXp://staticrr.safetydownload.net/Loading/b111f3f2_loading_java-similar/box.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: staticrr.paleokits.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 22 Jul 2014 21:06:20 GMT
Content-Type: application/x-javascript
Content-Length: 2184
Last-Modified: Wed, 07 Aug 2013 11:37:26 GMT
Connection: keep-alive
ETag: "52023176-888"
Accept-Ranges: bytes
.. //muestra una capa y oculta otra.. function changeVisibility(capamostrar,capaocultar) {.. div = document.getElementById(capamostrar);.. div.style.display = "";.. div = document.getElementById(capaocultar);.. div.style.display = "none";.. }.. // funcion para mostrar u ocultar el progreso de la instalacion separado por ofertas.. function mostrardiv() {.. div = document.getElementById('multipleProgress');.. div.style.display = "";.. div = document.getElementById('ocultar');.. div.style.display = "";.. }.. function cerrar() {.. div = document.getElementById('multipleProgress');.. div.style.display='none';.. div = document.getElementById('ocultar');.. div.style.display='none';.. }.. // funcion para mostrar u ocultar el div de las toolbars instaladas en el finish.html.. function show() {.. div = document.getElementById('alloffers');.. div.style.display = "";.. div = document.getElementById('ocultar');.. div.style.display = "";.. }.. function hide() {.. div = document.getElementById('alloffers');.. div.style.display='none';.. div = document.getElementById('ocultar');.. div.style.display='none';.. }.. //si el usuario no acepta el radiobutton no se habilita el boton de nex.. function acceptDeclineDisablenext().. {.. if(document.getElementById('Raccept').checked) .. {.. document.getElementById('Bnext').disabled = false;.. document.getElementById('Bnext').focus();.. }..
<<< skipped >>>
GET //Styles/Templates/e9c1a9ca_Win_A_Banner_DeclineLink.zip HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.cloudbox106.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 22 Jul 2014 21:06:32 GMT
Content-Type: application/zip
Content-Length: 344899
Last-Modified: Fri, 07 Mar 2014 11:17:00 GMT
Connection: keep-alive
ETag: "5319aaac-54343"
Accept-Ranges: bytes
<<< skipped >>>
GET //Displays/Templates/756e2734_Win_A_Banner-NoLink-DeclineLink-Java.zip HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.cloudbox106.com
Accept-Encoding: gzip, deflate
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 22 Jul 2014 21:06:33 GMT
Content-Type: application/zip
Content-Length: 7745
Last-Modified: Thu, 06 Mar 2014 16:11:23 GMT
Connection: keep-alive
ETag: "53189e2b-1e41"
Accept-Ranges: bytes
<<< skipped >>>
GET //Docking/Docking.zip HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Host: staticrr.cloudbox106.com
Accept-Encoding: gzip, deflate
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 22 Jul 2014 21:06:33 GMT
Content-Type: application/zip
Content-Length: 37048
Last-Modified: Tue, 26 Nov 2013 13:00:11 GMT
Connection: keep-alive
ETag: "52949b5b-90b8"
Accept-Ranges: bytes
<<< skipped >>>
GET /index.php/api/361/JFileManager/638/1026/English/WW.xml HTTP/1.1
Accept-Encoding: gzip, deflate,gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Host: api.v2.secdls.com
Connection: Close
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Encoding: gzip
Content-Type: text/xml; charset=utf-8
Date: Tue, 22 Jul 2014 21:06:28 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: nginx
Set-Cookie: symfony=jeee4batlhtev1dhn6bhp42dt4; path=/
transfer-encoding: chunked
Connection: Close
<<< skipped >>>
GET /Loading/b111f3f2_loading_java-similar/images/safe.png HTTP/1.1
Accept: */*
Referer: hXXp://staticrr.safetydownload.net/Loading/b111f3f2_loading_java-similar/box.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: staticrr.safetydownload.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 22 Jul 2014 21:06:20 GMT
Content-Type: image/png
Content-Length: 11629
Last-Modified: Wed, 28 May 2014 17:14:38 GMT
Connection: keep-alive
ETag: "5386197e-2d6d"
Accept-Ranges: bytes
<<< skipped >>>
GET /Loading/b111f3f2_loading_java-similar/images/loading.gif HTTP/1.1
Accept: */*
Referer: hXXp://staticrr.safetydownload.net/Loading/b111f3f2_loading_java-similar/box.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: staticrr.safetydownload.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 22 Jul 2014 21:06:20 GMT
Content-Type: image/gif
Content-Length: 2932
Last-Modified: Wed, 28 May 2014 17:14:38 GMT
Connection: keep-alive
ETag: "5386197e-b74"
Accept-Ranges: bytes
<<< skipped >>>
GET /index.php/apiLoading/1026.html HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: api.v2.secdls.com
Connection: Keep-Alive
HTTP/1.1 301 Moved Permanently
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Date: Tue, 22 Jul 2014 21:06:19 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: hXXp://staticrr.safetydownload.net/Loading/b111f3f2_loading_java-similar/box.html
Pragma: no-cache
Server: nginx
Set-Cookie: symfony=tb41pntr6gqv6c72q4c50obcr5; path=/
Content-Length: 304
Connection: keep-alive
<html><head><meta http-equiv="refresh" content="0;url=http://staticrr.safetydownload.net/Loading/b111f3f2_loading_java-similar/box.html"/></head></html><html><head><meta http-equiv="refresh" content="0;url=hXXp://staticrr.safetydownload.net/Loading/b111f3f2_loading_java-similar/box.html"/></head></html>
<<< skipped >>>
Map
The Malware connects to the servers at the following location(s):
Strings from Dumps
%original file name%.exe_1876:
.text
`.rsrc
.reloc
vSSSh
FTPjK
FtPj;
C.PjRV
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
operator
ADVAPI32.DLL
GetProcessWindowStation
USER32.DLL
portuguese-brazilian
KERNEL32.dll
RegOpenKeyExW
ADVAPI32.dll
OLEAUT32.dll
mscoree.dll
GetProcessHeap
GetCPInfo
@.reloc
X l.dlT
v2.0.50727
TheHostV.dll
System.Reflection
.cctor
kernel32.dll
System.Threading
.ctor
System.IO
System.Collections.Generic
orderCmd
isChromeInstalled
OperatingSystem
Firefox
Chrome
System.Xml
System.Collections
urllist
get_Urls
System.Globalization
Urls
System.Windows.Forms
WebBrowser
mappurl
System.ComponentModel
System.Collections.Specialized
System.Windows.Forms.Layout
System.Text.RegularExpressions
WebClient
System.Net
IWebProxy
System.Text
System.Drawing
RemoteProcess.Controls
webBrowser1
get_Url
set_Url
user32.dll
ISupportInitialize
instalarEXE
System.Diagnostics
WebRequest
HttpWebRequest
WebResponse
WebHeaderCollection
HttpStatusCode
HttpWebResponse
displayUrl
appUrl
appUrlNotNormalized
silentreport
reporturl
policyUrl
uninstallurl
ADWurl
AddUninstallUrls
IsValidUrl
RegistryKey
Microsoft.Win32
System.Security.Principal
checkkey
get_Checkkey
set_Checkkey
Checkkey
RegKey
NoRegKey
RemotoProces.Properties
System.Configuration
KERNEL32.DLL
lpKeyName
dictionaryurl
appurl
ProcessWindowStyle
FindExecutableA
FindExecutable
shell32.dll
urlConfig
templateUrl
dockungUrl
GratitudeUrl
AbortedUrl
SilentAbortUrl
domainurl
WebmasterId
System.Management
WindowsIdentity
WindowsPrincipal
WindowsBuiltInRole
CreateSubKey
EnumerateSubKeys
WOW64_32Key
WOW64_64Key
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
RegOpenKeyEx
Advapi32.dll
hKey
lpSubKey
RegCloseKey
advapi32.dll
GetRegKey64
inKeyName
GetRegKey32
in32or64key
StaticRegkey
Getkey
RegistryKeys
ScreenOperations
HijoInstalado
HttpRequestHeader
urlLoading
xmlUrl
trackUrl
staticUrl
keyword
get_UrlLoading
set_UrlLoading
get_XmlUrl
set_XmlUrl
get_TrackUrl
set_TrackUrl
get_StaticUrl
set_StaticUrl
get_Keyword
set_Keyword
UrlLoading
XmlUrl
TrackUrl
StaticUrl
Keyword
ExtendedWebClient
GetWebRequest
user32.DLL
wMsg
WebBrowserDocumentCompletedEventArgs
wbMain_PreviewKeyDown
PreviewKeyDownEventArgs
Keys
FormWindowState
WebBrowserReadyState
System.Net.Configuration
Microsoft.mshtml
Trackingurls
graphiteUrl
lastXmlurl
uninstallurls
checkurls
get_GraphiteUrl
set_GraphiteUrl
get_LastXmlurl
set_LastXmlurl
keystring
generateUrl
openUrl
sendByUDP
port
webtrack
System.Security.Cryptography
System.Net.Sockets
GraphiteUrl
LastXmlurl
urlXML
urlStatic
urlTracker
DownloadUrl
_downloadUrls
urls
System.IO.Compression
InvalidOperationException
apiurl
get_Apiurl
set_Apiurl
Apiurl
{B5A74BFD-C62B-4AB3-8413-5D0E6C4D2AFC}
System.Resources
System.Runtime.CompilerServices
System.Runtime.InteropServices
System.CodeDom.Compiler
RemoteProcess.Contact.resources
RemoteProcess.Controls.Banner.resources
RemoteProcess.Controls.Form1.resources
RemoteProcess.Debug.resources
RemoteProcess.MainForm.resources
Join
set_UseShellExecute
get_DefaultWebProxy
OpenSubKey
GetSubKeyNames
set_WindowStyle
WebException
set_WindowState
set_WebBrowserShortcutsEnabled
WebBrowserDocumentCompletedEventHandler
PreviewKeyDownEventHandler
add_PreviewKeyDown
set_IsInputKey
get_KeyCode
get_WindowState
get_ExecutablePath
set_TransparencyKey
set_AllowWebBrowserDrop
set_IsWebBrowserContextMenuEnabled
set_Key
get_Key
ConfuserEx v0.1.0-21-g8d974cf
7.7.6.7
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
11.0.0.0
...LXXX
...LXXX
4!%s)
4!%s)
w.AOd(
w.AOd(
r].oz~
r].oz~
-v..vw// !
-v..vw// !
8~
8~
8~
8~
8~
8~
?=
?=
'$&$ .,,-#
'$&$ .,,-#
(CS`)?Nj(>Lp(>LuŸx
(CS`)?Nj(>Lp(>LuŸx
%sy5|l
%sy5|l
rv2.0.50727
rv2.0.50727
v4.0.30319
v4.0.30319
RemoteProcess.Program
RemoteProcess.Program
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\dfsD.tmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\dfsD.tmp
c:\%original file name%.exe
c:\%original file name%.exe
%original file name%.exe_1876_rwx_00401000_000B8000:
%original file name%.exe_1876_rwx_004CF000_00002000:
kernel32.dll
ADVAPI32.dll
RegOpenKeyExW
OLEAUT32.dll
mscoree.dll
%original file name%.exe_1876_rwx_00AA2000_00009000:
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\dfsD.tmp
%original file name%.exe_1876_rwx_02EDB000_00001000:
v2.0.50727
%original file name%.exe_1876_rwx_02F15000_00001000:
ntdll.dll
%original file name%.exe_1876_rwx_032B0000_00010000: