9eedac3a4453465c16a472a75f72f408
Jump to navigation
Jump to search
Description
Summary
INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your comprehension.
Thank you for your comprehension.
Identification
| MD5 | 9eedac3a4453465c16a472a75f72f408 |
|---|---|
| SHA1 | 767c20e76ceb377e071a197b85990dcc727936a3 |
| SHA256 | 0aeea864d06d282eb88c5cec1c99e1f425e01a6cfeaf68e2d8a35de06c5fdfa2 |
| ssdeep | 3072:9weNCC43smbuxXUVimqrjVw4cVlLDcnyEcRTLJR:mHtbux9/+RrLQyES |
| imphash | b0ba59893cfa9f7e031bb8106bfa8c8b |
| File size | 144.0 KB ( 147456 bytes ) |
| File type | Win32 EXE |
| Magic literal | PE32 executable for MS Windows (GUI) Intel 80386 32-bit |
| TrID |
|
Antivirus detection
| Antivirus | Detection | Update |
|---|---|---|
| Ad-Aware | Trojan.GenericKD.1708049 | 20140611 |
| AegisLab | 20140611 | |
| Agnitum | Trojan.Reconyc! | 20140610 |
| AhnLab-V3 | Backdoor/Win32.Trojan | 20140610 |
| AntiVir | TR/Tesch.B.55 | 20140611 |
| Antiy-AVL | Trojan/Win32.Reconyc | 20140611 |
| Avast | Win32:Malware-gen | 20140611 |
| AVG | Crypt3.UZE | 20140611 |
| Baidu-International | Trojan.Win32.Kryptik.BCDNI | 20140610 |
| BitDefender | Trojan.GenericKD.1708049 | 20140611 |
| Bkav | 20140606 | |
| ByteHero | 20140611 | |
| CAT-QuickHeal | 20140611 | |
| ClamAV | 20140611 | |
| CMC | 20140610 | |
| Commtouch | 20140611 | |
| Comodo | 20140611 | |
| DrWeb | Trojan.DownLoader11.15314 | 20140611 |
| Emsisoft | Trojan.GenericKD.1708049 (B) | 20140611 |
| ESET-NOD32 | a variant of Win32/Kryptik.CDNI | 20140611 |
| F-Prot | 20140610 | |
| F-Secure | Trojan.GenericKD.1708049 | 20140611 |
| Fortinet | W32/Kryptik.CDNI!tr | 20140611 |
| GData | Trojan.GenericKD.1708049 | 20140611 |
| Ikarus | Trojan.Crypt3 | 20140611 |
| Jiangmin | 20140611 | |
| K7AntiVirus | Trojan ( 0049b2af1 ) | 20140610 |
| K7GW | Trojan ( 0049b2af1 ) | 20140610 |
| Kaspersky | Trojan.Win32.Reconyc.bqwc | 20140611 |
| Kingsoft | Win32.Troj.Reconyc.bq.(kcloud) | 20140611 |
| Malwarebytes | 20140611 | |
| McAfee | RDN/Generic BackDoor!yp | 20140611 |
| McAfee-GW-Edition | RDN/Generic BackDoor!yp | 20140610 |
| Microsoft | Trojan:Win32/Tesch.B | 20140611 |
| MicroWorld-eScan | Trojan.GenericKD.1708049 | 20140611 |
| NANO-Antivirus | Trojan.Win32.Reconyc.dapfhl | 20140611 |
| Norman | Troj_Generic.UGUBA | 20140610 |
| nProtect | Trojan.GenericKD.1708049 | 20140610 |
| Panda | Trj/CI.A | 20140610 |
| Qihoo-360 | Win32/Trojan.10c | 20140611 |
| Rising | 20140610 | |
| Sophos | Mal/Generic-S | 20140611 |
| SUPERAntiSpyware | 20140611 | |
| Symantec | 20140611 | |
| Tencent | Win32.Trojan.Reconyc.Hzdt | 20140611 |
| TheHacker | 20140610 | |
| TotalDefense | 20140610 | |
| TrendMicro | TROJ_GEN.R0CBC0DF714 | 20140611 |
| TrendMicro-HouseCall | TROJ_GEN.R0CBC0DF714 | 20140611 |
| VBA32 | 20140610 | |
| VIPRE | Trojan.Win32.Generic!BT | 20140611 |
| ViRobot | 20140611 | |
| Zoner | 20140606 |
Links
- https://www.virustotal.com/en/file/0aeea864d06d282eb88c5cec1c99e1f425e01a6cfeaf68e2d8a35de06c5fdfa2/analysis/1402464863/
- https://malwr.com/analysis/NTY3OTMwOTg1ZTQwNDYxOGE1N2RiNmIxZGNkN2I4MzY/
- Download: https://www.dropbox.com/s/ihnkbf0my379y5w/9eedac3a4453465c16a472a75f72f408.zip (pass: infected)
Artifcats
Files modifications
The malware copies itself to %APPDATA%:
C:\Documents and Settings\%user%\Application Data\psvchost.exe
Registry modifications
Created keys
Persistence keys
- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- RestServiceWindows2014 = "C:\Documents and Settings\malware\Application Data\psvchost.exe"
Other created keys
- [HKLM\SYSTEM\ControlSet001\Services\kmixer\Enum]
- 0 = "SW\{b7eafdc0-a680-11d0-96d8-00aa0051e51d}\{9B365890-165F-11D0-A195-0020AFD156E4}"
- [HKLM\SYSTEM\CurrentControlSet\Services\kmixer\Enum]
- 0 = "SW\{b7eafdc0-a680-11d0-96d8-00aa0051e51d}\{9B365890-165F-11D0-A195-0020AFD156E4}"
Modified keys
| Key | Old value | New value |
|---|---|---|
| HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed | C2 70 C7 EE 77 95 93 FD 9C 4D B9 A1 1F 4A 6B 8F F3 54 A8 EE C9 54 92 FD F1 D7 08 69 25 C3 7F 18 AA B9 0A 98 E5 34 C2 D2 43 B8 F7 AE 25 D5 DB 69 C6 F3 63 74 F7 16 40 AE 8F 5F 5A 28 0B 2E C8 D6 54 91 D5 C7 47 8A A1 4F 57 B3 A5 EA DC D4 5C 6E | 3B 9E 52 7E 08 C5 35 0D 40 DE 6D A2 44 02 C8 0D 1D 2D B0 AF 8A BE 6C 8D 54 13 07 BA DB F5 54 A1 7E EE 4C DA A5 7F 2B 44 DE 56 5F C9 FB 6D 74 46 51 22 F1 98 56 A0 05 E0 FF BE 3C 7F 92 FA 37 98 3F 28 60 19 DC 72 2F F1 BC FE E2 78 2D 04 75 54 |
| HKLM\SYSTEM\ControlSet001\Services\kmixer\Enum\Count | 0x00000000 | 0x00000001 |
| HKLM\SYSTEM\ControlSet001\Services\kmixer\Enum\NextInstance | 0x00000000 | 0x00000001 |
| HKLM\SYSTEM\CurrentControlSet\Services\kmixer\Enum\Count | 0x00000000 | 0x00000001 |
| HKLM\SYSTEM\CurrentControlSet\Services\kmixer\Enum\NextInstance | 0x00000000 | 0x00000001 |
Network indicators
Contacted domains
| Domain | IP |
|---|---|
| adminpano.com | 37.59.15.14 |
| karamabalx.com | |
| loginorat.com | 37.59.15.15 |
Requests
The malware sends following HTTP requests over port 443:
00000000 01 00 2c 01 01 00 01 10 00 01 00 62 34 65 39 62 ..,..... ...b4e9b 00000010 32 36 38 2d 62 66 38 64 2d 34 36 62 39 2d 62 30 268-bf8d -46b9-b0 00000020 30 32 2d 38 30 30 38 33 37 63 36 63 35 35 62 02-80083 7c6c55b
Static Analysis
Sections
Name VirtAddr VirtSize RawSize Entropy -------------------------------------------------------------------------------- CODE 0x1000 0x1be38 0x1c000 6.489878 DATA 0x1d000 0x644 0x800 3.500230 BSS 0x1e000 0x971 0x0 0.000000 [SUSPICIOUS] .idata 0x1f000 0xb7e 0xc00 4.695638 .tls 0x20000 0xc 0x0 0.000000 [SUSPICIOUS] .rdata 0x21000 0x18 0x200 0.170146 [SUSPICIOUS] .reloc 0x22000 0x242c 0x2600 6.601378 .rsrc 0x25000 0x4000 0x4000 5.521753
Resources
Name RVA Size Lang Sublang Type -------------------------------------------------------------------------------- RT_BITMAP 0x25268 0x283c LANG_RUSSIAN SUBLANG_RUSSIAN RT_STRING 0x27aa4 0x54c LANG_NEUTRAL SUBLANG_NEUTRAL RT_STRING 0x27ff0 0x15c LANG_NEUTRAL SUBLANG_NEUTRAL RT_STRING 0x2814c 0xcc LANG_NEUTRAL SUBLANG_NEUTRAL RT_STRING 0x28218 0x1ec LANG_NEUTRAL SUBLANG_NEUTRAL RT_STRING 0x28404 0x3b0 LANG_NEUTRAL SUBLANG_NEUTRAL RT_STRING 0x287b4 0x354 LANG_NEUTRAL SUBLANG_NEUTRAL RT_STRING 0x28b08 0x2a4 LANG_NEUTRAL SUBLANG_NEUTRAL RT_RCDATA 0x28dac 0x10 LANG_NEUTRAL SUBLANG_NEUTRAL RT_RCDATA 0x28dbc 0xec LANG_NEUTRAL SUBLANG_NEUTRAL
IAT
Strings
string
WideStringh
TObjectt
TObjecth
System
IInterface
System
TInterfacedObject
u:hD
SVWUQ
Z]_^[
SVWU
YZ]_^[
SVWU
]_^[
SVWU
wA;t$
]_^[
SVWU
]_^[
SVWUQ
Z]_^[
SVWU
YZ]_^[
SVWU
uW;{
u:;{
]_^[
ZYYd
ZYYd
SVWU
]_^[
YZ^[
SVWU
]_^[
ZYYd
_^[YY]
QSVW
ZYYd
_^[Y]
SVWU
$;L$
$)D$
YZ]_^[
QSVW
Uh5&@
ZYYd
h<&@
_^[Y]
YZXu
SVWUQ
;"u3S
;"u<S
Z]_^[
ZYYd
^[Y]
r/f=
w)f%
uENt
u0Nt
u%Nt
U4,@
w%9
~KxI[)
2_^[
@v:k
@aQY
E@|o
BkU'9
ZYYd
SOFTWARE\Borland\Delphi\RTL
FPUMaskValue
SVW3
ZYYd
_^[YY]
2;0u
QSVW
Uh{4@
_^[Y]
PPRTj
YYZX
YZXtp
VWUd
SPRQ
T$(j
SVWU
u @B
]_^[
YZXtm1
SPRQ
SVWU
]_^[
ZTUWVSPRTj
]_^[
d$,1
,t\=
t=HtN
r6t0
t.Ht
PhF:@
Uh1;@
ZYYd
_^[]
QSVW
ZYYd
_^[Y]
h\=@
SVWU
]_^[
;_^[
SVWU
]_^[
t!R:
t-Rf;
t f;J
SVWRP
Z_^[X
uXJt
uAJt
u:Jt
It2S
t&J|
tVSVWU
]_^[
t1SVW
;_^[
SVWU
]_^[
t-Rf;
t f;J
uAJt
_^[]
]_^[
PSVW
_^[X
_^[X
SVWU
]_^[
]_^[
SVWU
]_^[
]_^[
SVWU
]_^[
t ;s
8\u8
kernel32.dll
GetLongPathNameA
h8U@
ZYYd
Software\Borland\Locales
Software\Borland\Delphi\Locales
SVWU
]_^[
ZYYd
_^[YY]
ZYYd
FFF;M
^[YY]
th;u
B@;u
s ;E
t2;u
Uh7Z@
ZYYd
h<Z@
^[Y]
ZYYd
^[Y]
Uh+[@
ZYYd
h2[@
^[Y]
ZYYd
UhV\@
ZYYd
h]\@
UhU^@
ZYYd
h\^@
ZYYd
Uh{`@
ZYYd
ZYYd
Exceptionld@
EHeapException
EOutOfMemory
EInOutError|e@
EExternal
EExternalException
EIntError
EDivByZero
ERangeError<g@
EIntOverflow
EMathError
EInvalidOp
EZeroDivide
EOverflow
EUnderflow
EInvalidPointer
EInvalidCast
EConvertError
EAccessViolation
EPrivilege
EStackOverflow
EControlC
EVariantError
EAssertionFailed
EAbstractError
EIntfCastError
EOSError
ESafecallException
SysUtils
SysUtils
TThreadLocalCounter
$TMultiReadExclusiveWriteSynchronizer
SVWU
]_^[
h,r@
6h,r@
SVWQ
s@GHu
Z_^[
0<:r
True
False
SVW3
Uh%v@
ZYYd
h,v@
_^[YY]
@w2j
SVWQ
PWVS
$Z_^[
SVWQ
PWVS
$Z_^[
^[YY]
SVWU
]_^[
SVW3
Uhgy@
ZYYd
hny@
_^[YY]
SVWU
;\uF
\u@3
]_^[
WVS
(_^[
<*t"<0r=<9w9i
_^[[
_^[]
INFNAN
QS<$t
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
<sGf
<sAf
^YY]
_^[YY]
'w~f
f;\F
_^[YY]
$YZ_^[
@YY]
ZYYd
ZYYd
yyyy
SVW3
t%HtIHtm
ZYYd
AM/PM
AMPM
AAAA
SVW3
ZYYd
_^[YY]
SVWQ
Z_^[
SVWUQ
$Z]_^[
SVW3
8gu4
ZYYd
SVWU
]_^[
SVWQ
Z_^[
QSVW
_^[Y]
QQQQQQSVW3
ZYYd
ZYYd
^[Y]
ZYYd
QQQQQSVW
ZYYd
yyyy
eeee
D$DP
D$HP
D$PPj
D$LPj
ZYYd
_^[Y]
ZYYd
_^[YY]
_^[]
TErrorRec
YZ^[
TExceptRec
SVW3
ZYYd
,tY=
t<HtH
r3t7
t(Ht
ZYYd
ZYYd
SVWU
]_^[
u";]
K;\$
$YZ^[
$YZ^[
SVWU
]_^[
SVWU
]_^[
SVWU
WUWSj
YZ]_^[
QSVW
_^[Y]
Y_^[
ZYYd
m/d/yy
mmmm d, yyyy
AMPM
AMPM
:mm:ss
ZYYd
ZYYd
kernel32.dll
GetDiskFreeSpaceExA
SVWUQ
Z]_^[
SVWUQ
(Z]_^[
SVWU
H;D$
YZ]_^[
SVWQ
;G$t@
Z_^[
;C$t4
ZYYd
ZYYd
ZYYd
ZYYd
ZYYd
ZYYd
ZYYd
ZYYd
ZYYd
ZYYd
ZYYd
ZYYd
ZYYd
ZYYd
ZYYd
[YY]
ZYYd
ZYYd
ZYYd
oleaut32.dll
VariantChangeTypeEx
VarNeg
VarNot
VarAdd
VarSub
VarMul
VarDiv
VarIdiv
VarMod
VarAnd
VarOr
VarXor
VarCmp
VarI4FromStr
VarR4FromStr
VarR8FromStr
VarDateFromStr
VarCyFromStr
VarBoolFromStr
VarBstrFromCy
VarBstrFromDate
VarBstrFromBool
ZYYd
TCustomVariantType
TCustomVariantType\
Variants
EVariantInvalidOpError
EVariantTypeCastError
EVariantOverflowError
EVariantInvalidArgError
EVariantBadVarTypeError
EVariantBadIndexError
EVariantArrayLockedError
EVariantArrayCreateError
EVariantNotImplError
EVariantOutOfMemoryError
EVariantUnexpectedError
EVariantDispatchError
ZYYd
ZYYd
ZYYd
ZYYd
ZYYd
t?Htb
ZYYd
ZYYd
|kC3
|kC3
SVWQ
Z_^[
ZYYd
ZYYd
ZYYd
ZYYd
ZYYd
SVWUQ
Z]_^[
ZYYd
ZYYd
ZYYd
_^[YY]
QSVW
ZYYd
_^[Y]
QSVW
ZYYd
_^[Y]
QSVW
ZYYd
_^[Y]
QSVW
ZYYd
_^[Y]
QSVW
ZYYd
_^[Y]
ZYYd
ZYYd
ZYYd
ZYYd
ZYYd
ZYYd
ZYYd
ZYYd
ZYYd
ZYYd
ZYYd
ZYYd
QQQQSV
ZYYd
ZYYd
ZYYd
ZYYd
ZYYd
ZYYd
ZYYd
ZYYd
ZYYd
ZYYd
ZYYd
Uh9 A
ZYYd
h@ A
ZYYd
FSVQ
t0f-
Empty
Null
Smallint
Integer
Single
Double
Currency
Date
OleStr
Dispatch
Error
Boolean
Variant
Unknown
Decimal
ShortInt
Byte
Word
LongWord
Int64
SVW3
UhZ'A
ZYYd
ha'A
String
Array
ByRef
Variants
UhM(A
ZYYd
hT(A
SVWQ
Z_^[
_^[YY]
QSVW
_^[Y]
SVWUQ
Z]_^[
ZYYd
QSVW
t~h<
Uh8+A
ZYYd
h?+A
_^[Y]
ZYYd
Uhe,A
ZYYd
hl,A
False
True
ZYYd
tagEXCEPINFO
ITypeLib
ActiveX
ZYYd
EStreamError
EFileStreamError
EFCreateError
EFOpenError
EFilerError
EReadError
EWriteError
EListError
EStringListError
TList
TThreadList
TPersistent
TPersistent
Classes
IStringsAdapter
Classes
TStrings
TStrings
Classes
TStringItem
TStringList
TStringList
Classes
TStream
THandleStream
TFileStream
TRegGroup
TRegGroups
QSVW
_^[Y]
SVWU
]_^[
SVWU
]_^[
ZYYd
YZ^[
Uh<;A
ZYYd
hC;A
^[Y]
SVWU
]_^[
ZYYd
Uh<<A
ZYYd
hE<A
SVW3
ZYYd
SVWU
]_^[
SVW3
Uh7@A
|-F3
W<CNu
ZYYd
h!@A
ZYYd
h<@A
ZYYd
^[Y]
[YY]
Strings
SVW3
UhUBA
|0F3
ZYYd
h\BA
YZ^[
ZYYd
_^[Y]
SVW3
ZYYd
ZYYd
Uh9DA
ZYYd
h@DA
SVW3
UhYEA
ZYYd
h`EA
SVW3
ZYYd
ZYYd
SVWU
]_^[
QSVW
S$_^[Y]
UhtGA
ZYYd
h{GA
ZYYd
ZYYd
h$HA
^[YY]
SVW3
ZYYd
ZYYd
_^[YY]
SVWUQ
SdZ]_^[
ZYYd
ZYYd
ZYYd
UhiJA
ZYYd
hpJA
^[Y]
ZYYd
^[Y]
QQQQQQQSVW
UhmLA
UhCLA
ZYYd
hJLA
ZYYd
htLA
SVW3
ZYYd
h MA
S<^[
SVWUQ
$Z]_^[
SVWU
]_^[
$Z^[
Sd^[
_^[]
;C u
_^[]
s ^[
S4_^[
^[YY]
SVW3
ZYYd
ZYYd
_^[YY]
QSVW
ZYYd
_^[Y]
ZYYd
^[YY]
Uhg]A
ZYYd
hn]A
ZYYd
Uh)`A
ZYYd
h0`A
Uhq`A
ZYYd
hx`A
SVWQ
Z_^[
ZYYd
^[Y]
hhbA
ZYYd
_^[]
ZYYd
Uh1dA
ZYYd
h8dA
UhadA
ZYYd
hhdA
ZYYd
TComServerObject
TComClassManager
EOleError
EOleSysError
EOleException<gA
EOleRegistrationError
QSVW
Uh&hA
ZYYd
h-hA
_^[Y]
Apartment
Free
Both
Neutral
SVW3
ZYYd
Uh^jA
ZYYd
hejA
_^[Y]
Sh,kA
t`h8kA
hLkA
h\kA
htkA
ole32.dll
CoCreateInstanceEx
CoInitializeEx
CoAddRefServerProcess
CoReleaseServerProcess
CoResumeClassObjects
CoSuspendClassObjects
QQQQQQQQSV
ZYYd
ZYYd
ZYYd
PVSj
ZYYd
PQRh
PPPP
ZYYd
TComServer
ZYYd
UhWxA
ZYYd
h^xA
ZYYd
[YY]
ZYYd
h!yA
^[Y]
QQQQS
ZYYd
UhyzA
ZYYd
OLEAUT32.DLL
UnRegisterTypeLib
ZYYd
[YY]
tXh4!
ZYYd
AUTOMATION
EMBEDDING
REGSERVER
UNREGSERVER
InprocServer32
LocalServer32
QSVW
ZYYd
_^[Y]
ZYYd
ZYYd
[YY]
ZYYd
^[Y]
ZYYd
OLEAUT32.DLL
KERNEL32
GetLongPathNameA
ZYYd
SVW3
w<:]
ZYYd
ZYYd
SVW3
i@j
ZYYd
ZYYd
SVW3
ZYYd
ZYYd
DLyMSJQKWlKmpVxoqJ
SVW3
rCf;]
ZYYd
ZYYd
ZYYd
ZYYd
SVW3
ZYYd
ZYYd
FLUT
ZYYd
ZYYd
@0RQSV
@8;D$
@h$3
@||$
p<Wj
SQVW
klwq
SVW3
ZYYd
ZYYd
OBbFjxGKKGIkesqhf
ZYYd
SVW3
@V@j
B|-h
Ht.HtJ
@m@j
@S@j
ZYYd
ABemq
@EkDiwFmyI
axNjhkonbIKNsrmH
UXkI
jOsCCd
xOGFKU
ILUvvjboNJIoHMLKitcOVVTkFpGuykIrVLaHnn
CqyKNKCKSJ
ExJTJUlytmOS
Error
Runtime error at 00000000
0123456789ABCDEF
@v:k
%.*dPb@
kernel32.dll
GetACP
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
user32.dll
GetKeyboardType
LoadStringA
MessageBoxA
CharNextA
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
oleaut32.dll
SysFreeString
SysReAllocStringLen
SysAllocStringLen
kernel32.dll
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
kernel32.dll
WriteFile
WaitForSingleObject
VirtualQuery
Sleep
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResetEvent
ReadFile
MultiByteToWideChar
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GetVersionExA
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCPInfo
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumCalendarInfoA
EnterCriticalSection
DeleteCriticalSection
CreateFileA
CreateEventA
CompareStringA
CloseHandle
user32.dll
PostThreadMessageA
MessageBoxA
LoadStringA
GetSystemMetrics
CharNextA
CharToOemA
kernel32.dll
Sleep
oleaut32.dll
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
ole32.dll
CoRegisterClassObject
CoUninitialize
CoInitialize
oleaut32.dll
GetErrorInfo
RegisterTypeLib
LoadTypeLibEx
SysFreeString
0<0H0L0P0T0X0\0`0d0p0}0
10181<1@1D1H1L1P1T1X1r1z1
2"2*222:2B2J2R2Z2b2j2r2z2
6%717L7
7.9j9
:$:,:@:N:]:i:q:|:
;/;:;[;s;
<W<w<
<'<0<;<D<K<Z<a<
0b0k0
121\1e1u1}1
2(2@2L2T2k2z2
2,3P3n3~3
4$4u4|4
6#6+6O6o6
6.7C7P7p7k9
9%:0:J:R:f:o:
;K=c=t=
0M0]0s0
5N5j5v5
6?6H6}6
8,8{8
:;:B:Z:|:
;T;j;
;D<L<x<
="=7=A=F=e=j=
<=<J<
2%6F8O8V9_9
0!141
393S3
3[5e5t5
5.656G6e6n6z6
9*:S:
<&<0<:<Q<b<o<v<z<
="=*=2=:=B=j=
< <7<C<P<b<o<{<
?"?*?2?:?B?J?R?Z?b?j?r?z?
0"0*020:0G0S0[0c0v0
1 1(10181@1H1P1X1`1h1p1x1
2 2(20282@2H2P2X2`2h2p2x2
3 3(30383@3H3P3X3`3h3p3x3
4 4@4H4L4P4T4X4\4`4d4h4|4
5 505P5X5\5`5d5h5l5p5t5x5
6 6$6(6,606@6`6h6l6p6t6x6|6
7 7$7(7,7074787L7l7t7x7|7
8$8(8,8084888<8@8D8T8t8|8
9$9,9094989<9@9D9H9L9`9
:8:@:D:H:L:P:T:X:\:`:x:
;,;L;T;X;\;`;d;h;l;p;t;
< <$<(<@<`<h<l<p<t<x<|<
= =$=(=,=0=4=8=<=@=P=p=x=|=
<$<,<0<4<8<<<@<D<H<L<
? ?$?(?x?
5)5.585H5S5`5e5
6Z6n6z6
7Y7a7 9
=+=6=
2=2E2M2U2]2
6E7W7
7A9[9e9
<s<Z?
4)5<5S5@6T6
777H7_7
8<8P8a8q8
<8===K=o=
=T<p<
<<?V?h?
000B0
0$161M1_1
4<4k4p4
5%5K5g5
606B6}6
607e7~7
8;9@9H9r9
9A:K:
:N;};
="=:=A=T=l=
=(<7<K<
<D?x?
]0o0
0+1U1
2%2*20252;2B2H2M2S2X2^2e2k2v2~2
3"3(393D3I3
4Y4v4
6/6S6e6I8z8
8H9^9
:1:::Y:g:
;,;:;];
<6<g<n<}<
?"?-?3?;?@?
4@4D4H4L4P4T4X4\4`4d4h4l4p4t4x4|4
5 5$5,50585<5D5H5P5T5\5`5h5l5t5x5
6 6(6,64686@6D6L6P6X6\6d6h6p6t6|6
7*7<7H7R7\7f7p7z7
8!8+858@8J8U8_8j8|8
9,9<9K9W9d9v9|9
:W:c:p:
:<;t;
<L<Y<
<$=1=`=
=#<U<
?*?2?:?B?y?
0!0&01070<0G0M0R0]0c0h0s0y0~0
1#1)1.191?1D1O1U1Z1e1
30383<3@3D3H3L3P3T3X3\3`3d3h3l3p3t3x3|3
4 4$4@4`4h4l4p4t4x4|4
5(5054585<5@5D5H5L5P5l5
646T6\6`6d6h6l6p6t6x6|6
7$7,7074787<7@7D7H7L7h7
848T8\8`8d8h8l8p8t8x8|8
9C9R9i9
93:B:Y:
:i;x;
<1<@<W<f<z<
3X4q4
5%5L5q5
7!7%7)7-7175797=7A7E7I7M7Q7U7Y7e7
9$9~9
=#='=+=/=
P0W0m0q0u0y0}0
0D1K1b1f1j1n1r1v1
1$2+2C2G2K2O2S2W2[2h2
99:|:
:f;j;n;r;v;z;~;
<2<H<,=0=4=8=<=@=D=H=L=P=T=X=\=`=d=h=l=p=t=x=|=
0A1X2\2`2d2h2l2p2t2x2|2
4"4&4*4.42464:4<4B4F4J4N4^4!5
737L7
8 848
<4=8=<=@=D=H=L=P=T=X=\=`=d=h=l=p=t=x=|=
=2<M<h<
<8?<?@?D?H?L?P?T?X?\?`?d?h?l?p?t?x?|?
0)0F0c0
181g1
142K2d2
4"4&4*4.42464:4<4B4F4J4N4R4V4Z4^4p4
8%9<9U9
:L:w:
;);-;1;5;9;=;A;E;I;M;Q;U;Y;];a;e;i;m;q;u;y;};
a0z0
2P6o6
7%787J7
8$8<8C8
;);.;S;_;k;u;
< <'<-<4<:<A<G<N<`<
=(=6=Z=b=j=r=z=
<$<D<L<P<T<X<\<`<d<h<l<
? ?$?(?8?X?`?d?h?l?p?t?x?|?
0 0$0(0,000@0`0h0l0p0t0x0|0
1 1$1(1,1014181<1@1D1H1L1P1\1|1
2(292=2P2e2
3 3$3(3,3034383<3@3D3H3L3P3^3f3x3
4 4$4(4,4044484<4@4D4H4L4P4T4X4\4`4d4h4l4p4t4x4|4
5 5$5(5,5054585<5H5h5p5t5x5|5
6 6$646T6\6`6d6h6l6p6t6x6|6
;/;Y;
<1<}<
0*0W0p0
0#1r1{1
4,4f4?5
687J7g7
8E8_8
8)9G9
:+:\:
;.;W;
;6<S<
<5?T?
1Y2q2
3!5(5y5
5L6S6
7q8x8
:$:3:x:}:
:i;p;
0@0d0
292C2S2Y2m2w2
343N3X3b3l3{3
4,4C4O4\4n4t4|4
5 5$5(5,5054585<5@5D5H5L5P5h5
6 6@6H6L6P6T6X6\6`6d6h6|6
7 7$7(7,7074787r7
8V8`8C9s9
1@1G1
232F2s2g3
4r4|4
5'5-575@5I5S5`5k5}5
6 6$6(6,6064686<6@6D6H6L6P6^6f6n6
8G8r8
:F:a:j:
;2;@;H;S;f;|;
;-<5<C<W<k<
<8=B=d=n=
???d?u?
0A0Z0v0
1*1;1H1R1Y1c1i1q1x1}1
3B3f3
526o6
7K8i8
9G9_9z9
90:{:
:Y;k;
;$<R<r<x<
<;=?=C=G=K=O=P<
?(?,?0?4?8?<?@?D?H?L?P?T?X?\?`?d?h?l?p?t?x?|?
0'0-090?0K0Q0\0d0m0x0
1$1-141;1B1I1R1^1s1x1
2*24292J2Q2X2c2j2q2x2
3%343:3C3K3P3[3c3i3r3x3
4!4+4;4A4G4O4\4c4n4w4~4
5!5'5-53595?5E5K5Q5]5f5l5r5|5
6%6,636:6?6N6X6_6d6
7$747=7C7U7`7h7o7x7
8!8)8/858<8D8J8P8V8\8h8
9"9)999?9O9X9]9c9i9o9u9
:&:*:.:2:6:::<:B:F:J:N:S:Y:h:s:
;&;1;<;E;L;S;Z;d;k;r;z;
<&<1<F<L<R<a<l<u<
=*=C=N=T=Z=i=t=
=!<-<8<=<N<_<r<y<
?&?-?2?;?N?U?a?g?l?r?~?
0&010?0U0[0b0m0r0}0
1%1+1?1I1Q1W1h1n1}1
2$2-292D2J2P2V2\2i2w2}2
3*353<3E3J3O3Y3_3g3r3{3
4%4+414=4E4L4Z4_4d4u4
5)515O5V5_5g5l5t5}5
6)6B6W6b6m6x6
7 7)7<7D7K7R7g7
8&8-848<8D8K8R8\8b8i8p8y8~8
9#9/959;9A9K9Z9k9p9
:':/:;:D:K:R:l:s:
;";/;5;A;G;M;S;Y;i;r;y;
<$<+<9<D<K<Q<X<_<h<p<~<
<0@0D0(10141X1\1
2P2X2`2h2p2x2
3 3$3(3,3034383<3@3D3H3L3P3T3X3\3`3d3h3l3
4 4$4(4,4044484<4@4D4H4L4P4T4X4\4`4d4h4l4p4t4x4|4
5 5$5(5,5054585<5@5D5H5L5P5T5X5\5`5d5h5l5p5t5x5|5
6 6$6(6,6064686<6@6
8C+ROffts0QDGQ6BAGAhAIA9/Gibvg5h7DYAlAi9r375Pl+A8BzfhkftAkM1sOM/wVwlxjFAYy4QA3BOb2pS3IYbqAl/GBUjYaBBUyx6NAANBOYWzAZH0HZlDVdxRk/2yEAf9KXgSYTshdrWLHCqTwoABLANnmfhfBCKJAgiKMYyNrg0AZjxAdFEgXzMApFAfCdWJuAOtwaB8AeUKWL4rn1JA5avlI39Lxt8KAQ4i+sasATXMnoxYpgB6AE0AjYBbzkuACasUaVHulqtmE20x/fb4CyRiHInAcgA1NhWQuQ0lGf/uRZqIbXGQWCA7oLCARYpyAGJYBAfAAIeAARMuvCBHTAASAAwwXjskQqwAbAtUKV4/fBgVAZm/3fsug6yXB3gfQB7PAOQAE0gAOW5iD03gdkTLuHkgsUgViUu+QhOpTv3wNFtAXQr9+YMAB/2HrxRgZzQcwIzDZ35zJLAHkYDtXWAxVizwZAmFAQBwWlLmuLJA9cmvybo0AA2QMDC1AXsyJQC3YmwATlAwSwNAt6DBV4dQtN6+wX/A3wfA2TApATdhjCAyp4ro3R4+7lhVWPUAjmtQDByqsAtMO9AIBAas9VAa3FB5aKI0NHOAY2ABTKJDvEIdPIsgiwcAdndAGwYwJmmtSBB2lXcwYkAtD2kE7AQcQklBM2AqtA24CbAqAIAwsXVsJAFQAgYkVraNPvIklwq8LqE///irL5ACtSeaDL8hpBaJO64gkwW4Kp0PgjSnGYw+sSOWCLstoBKFN6ocjwG0Jpk7vjCjFAfRK5+tAkRxbg5UBG5lpSNc6qEjI+XimVtuoONjnBvikCMmd56hW7GiZAkSo9TTJFvZnkwLe2yqlAa5K54QgxuEoPh0vulzlIDpQ4yC9UuUvMWTqL7JW6pC9iuyQuVzlNlRO5c++UOo7VyTrELFW5kaWtssvtlrgbQmmQu+MKMpmXqtLJJE9ybZbdTzphiLPbAilT+6LR9SxHUpG5YAsyWUCr0vlhSHPaCekQOeKJsNoDKlF4osryGYBrkrnpCDNmgaTT+yJJcKfC5hE4Y4qx20ArUnlgy/MaQWiTsuELJFuCadD4Y0pxmMOrEjmgi7LaAShTuqHI8BtCaZC74woxWoOq0QkkS3KZwOgTOmGIs9sCKVB7osnxGENqkbjgCzMLhKvSyiFIc5rB6RA7Yomw2AMqUXijyvIZQGuSueEIM1qBqNP7Iklwm8LqEThjirHZACtSeaDL8xpBaJO64gkwW4Kp0PgjSnGYw+sSOWCLstoBKFN6ocjxZoGI0LvjCjFZQ6rR+WBLcpnA6BM6UYiz2wIpUHuiyfEYQ2qTuOALsaZBixb6IUhzm0HpEDniibDYWypReJPK8hlAa5K54QgzWoGo0vsiS/FmgYrJOGOKsdlAK1J7oMvzGklok7qKCTBbgqnQ+CNKcZjD6xE5YIiy2gEoU3qhyPAbQmmQu+MKMViDqtH5IEtymcDoEzphiLPbAilQe6LJ8RhDapG44AsyWYCr0vohSHOawekQO2KJsNgDKlF4o8ryGUBrkrnhCDNagajT+yJJcJvC6hE4Y4qx2QArUnmgy/MaQWiTuuIJMFuCqdD4I0pxmMPrEjlgi7LaAShTeqHI8BtCaZC74woxWIOq0fkgS3KZwOgTOmGIs9sCKVB7osnxGENqkbjgCzJZgKvS+iFIc5rB6RA7Yomw2AMqUXijyvIZQGuSueEIM1qBqNP7Iklwm8LqEThjirHZACtSeaDL8xpBaJO64gkwW4Kp0PgjSnGYw+sSOWCLstoBKFN6ocjwG0JpkLvjCjFYg6rR+SBLcpnA6BM6YYiz2wIpUHuiyfEYQ2qRuOALMlmAq9L6IUhzmsHpEDtiibDYAypReKPK8hlAa5K54QgzWoGo0/siSXCbwuoROGOKsdkAK1J5oMvzGkFok7riCTBbgqnQ+CNKcZjD6xI5YIuy2gEoU3qhyPAbQmmQu+MKMViDqtH5IEtymcDoEzphiLPbAilQe6LJ8RhDas1BBMcxpkGLVsZFUFTlTGVrKCrWukVXKlPAa8ryGLhrkyHlC6vv///+pU+6tVaNoC3kQlzGANFf/qWgy3JLDIzM1eQmh/uJfjv9lygA9XvJ5iNFw8nH4TojhM/2bv/wo2C74whXNWu4r+FNN1L2YZnnLBniDSMf+lVbBuYhWFP54c1kbA29/Wv9uaJkP/oRmagz/eFhawNKHh/fv9F+eYy3r8ctJzsh2XaHM7ns/QiYRiEyStbaXkxx5/7+Q/xOAWO6FS0lmpSv7PX+SZv9mnkqIoT4kR9s+UU7/bV02kL6wNby+WkePhzNaj2KBnus9YP/nb/BxbbgnJLgqg6BESXYSq1NTWGRTwDUp1y8/l8gXCaSg54EIxsMek/9/++sl/3loRBCoCGk06pQTGDIH4psOG5UqhsQNJMI02sYOyz4vdl+GnqXFJzkojktstsJBP8BrPKWJvaB9u4l/Mzrhwp195X+Ed7iXPObDG9r9/zUfUwgz/xEd9/+Vdf5D94TohPN9/kWguCv0CzJxejWAzLkC3Fk4eg2KR9l/R3i9tUrMlHZPmRVQAq2IUYARuAEAjAgWr+e4nDajvnGScmg53ZDolHJRFYmSxphzaCd6E/h8m0EmJhxtIRLurG+AqXXWcSPmIFpqowLIdQBqpSZyjXfm1uvmslTMiCvwCI/JBs6kei2vokRos7Gu+7Z9w43/N7qzmdR/dMfV9iey/eZXoOT+wyGQpVhQZYKhFRx6ktg8I5i3V3tECVrKJp+NG+1BsXp54kV+5HZGWKMxgwIcwwd6Tly+fsOvIBe3yJcfS1Ja7/2R/4YYDCRjv1mEmlCCIAFdI4u7dnfThlLS884cgahzIRMxay+5a/2VRsu2cE7yPhl1c2LsISFrtiIBtDyV9q/07EOnhK4cf+MWn0prAgkr8daovGoOnNhTjtEEl6zW9KCaiKNRIGtfDSMnYixAGE1+fypHFB0T7DH4uBZXFtVztlgHzqhafO1lomwu7DVQQ0cIMpTpR1C9bLqm+HkuhRP5DhOenjbjZ/+HbpCLeFAua5b3Kld6P9s7LqyJt6zUE3LGy4J7yR3xWTs6Q+Fh92r/QBhZF8I4/+1d+9LsSle/7v4BPY1F/FADhxF2m/j0UCz/MMJgMW7b8Nh1DQscPQLadCEd/HFwe2HrzDl9q8fUIHTCPfRWINtbs7UgJHwQ67JyydL3nrYVCLIwnUJw7h37gHFdQhBZ/zYbdFZr7ZKOBlxejzPBAB62LdwGaL5qARgEAggPOmYmN2wLKzP6X7ZF+JKTahxYuj5HQm0otO3bU8JTO7i3BTayNEuzBhRVEHMYpmD/7ATXmokGO8N1C4QoaAsx9zdqBFhgSZwETO2s3XYhXWgxw1NKeDEF6f/2dAmLTocED4PHBIP/BHzbXXme77E/o1YEPEAwH9bd7ihQGFEEDhDMtQ+2RnHpS7cBA04CZQgDwVeuBnTC12OMCCzG63SDI1h5E9axwheNCblBVAin230dPWZaVEcGUAQFjb13nwQDUK8g0P81N7OIa7s33BUHuQDJZg+vwXUIZnM+CSwkG2BzxRyRhm+kjyM0IVwcXFzGhe+/Ow1QfAeDJRAAFMyJMWwF5K7q9Lkgyl9b7rFnUMxQOIsEhQby9scZsf5WiX3Qx0XUI2K4TNcZEVoHwjZaESqjddx+dQFGi0AcDHXzfw83QX/yH2v8YbyLxuvUg2X4VDPSuWLSG/i3Dgj38YvCmff+YIlV8OsC68btjQ4CdWdM8DnQf19zBWFsYxiHBC+wSsN2hLCy7E30aewztgMbyNzDZpcEtZ/QmmP/WjWLdhyJNRhh19KliUY9B4I2FGeYbETZixAk2YSFMEIUKBC+tcJBcCuMsk4Htq4vDPJWCLjIssoPt8kfXOZ+44B+CX1N7A+Fr05r+PMMIIP4DQxMxiHPCwr4Hg7NLNuBD2vBwFaQBzns8GoNYfz8uQ0IGN66aqLGEFauL84V3oe2dfBcVc4T97oN2wO5SiAmCdtcCsyJ2MZftmTI+Y1fAYvDIPDFtadbaFrsyBWL5HMNtoBkEPB0xFhyYYaYZo+aF+m+uQE1nY1ENw43/L2x2A0KizXk1qbyMInSBPQhxgwbgcFg63VYWb6wi/SvCkAZa4sNM6vHQaIV+2X4fIPAC4x6cSEj7wuF9nQUC2ZewhWKjJ92/cDGRv7ZhdYwm3iIBkIECIhGAqD21m3rIGIHBesHZqwDAQEl++gO4wYBSr4cGE8CUsiBbeekJwkdHAqNkFtoFHwKtiU4HjmNAAX61+BOPOC1+lZJE4bJ1iAKX15eExgIjUj1MBtEEHK70FdQdXUQFpa4zgN9kMfF+I5LyPIQwvz4cVuGi1I5Byo2jp1obUY8L8sRix0Trs/xf3kl0xuGG76ACy5nAw+CxGzrAxZoFnATO0gQPkBTW29c4QhGjUEDAxBvE757C2cPh54lg/oJdSaNi33xi/hAwAN9V2EFts118AgutFdfMoO5B1IIc6UtQS4b8CYH5EcBTwIjCFsUIjsHNQg8b4U82RhQAnUpf1shH8gGVwR1L2TsXMgQmWVAEDSwt0I+BXUjLyhZuBn4C3VRDbl4AS9Ii9y6Zef5CAMMQAQEQbjwxhdHBTuId2W/luHiuQgPTV4t6KjR1uUHx64tzxtnC2/xK/mD74vHgE6TVZbkeFNKTBEDURZnWFucEsODPnf/4w/J8XFIZkBhFVbHPbR4jwVq5n8m9y8i1DV+BCTDtpehMYjQdPEan0A07Q6N9Ik1jceMAAn5mWQ5sgmICw2QjDCENjoVAk1ReEaQamIf6euXyM3gV9ZVYFAFHB+jiUFo3Wxe/uT4gez4IV+4lJ5wA4lEJAwLSP/UeO98JCy5A/AbTQvseotcJH0kEHACk8bsa/HYAwr4tGpBZvJcBYthX2xQSIRYjIeweoTYIBE0MHVwd3AhVntiBI2nRMcA7w7yNOBQvruci85miYYwN8JIBCFQRzfw5ATYQDIhAM9vsg0wcL0FpzilsXp2CQ1raOJo1C0x42UR6xvJ5gGshWUr9AUQCkJTdsRKMBYuQE82jPUII380KWTrtXYwNsCLS/78AAJ+891bFG6YjWbkai9W4Le//Pa5B6IlBuZgRo7p6nbljHRmB+4GNpApiT6CMBeNWqOnHWAZAw9luy1t+yBdLBgQ6AYoiS0uyxMOJBEKytAALRLShFPw6HQtFrpYftCrIdQI0gQj5UqDKEBwODrXjbqscw9i3SxfDKywHToQ30sE2DMw9k45qAhSDNRm6tCg5w4P1I3vUOGlmF5s4E47Bgu2Bh/IKZzLkYvRb2bqXfRTOYsZVfw+2AG/VAF0FlZT+gpZyQmDEt+NwlMsjUdy7qkGKAxP/0fJS0tN4mgUnHe21pIrSLVXAl5Djk5NuLNppOWBkFfWmbONpAoMhPxZ7fXYwShAHFNXuDCGFMI0dOjbrOg1/PLLL6/kES7af+pvQ6Ax7vU2pu4ShSjV8gJZP62EVk/0O/PetBdCU82oGt1TDuScLLQmYsVGRmFrj5xGiV4UAtF3LLamCSZ0GCwdSlbqJJ/wGCsNV1Z03MfjEUHVCnmBfsg1ixiFBgi5FIy9VkjAkpwB4JAbSyIUEkYglNllHZiQ1CBidYZbOMw1A2BsU8gIZXYIsXBzIH9ziVMCZGTAgqZQQHoI7hXFPqwBVmwEcBQKRmooaTa0dmQ66zMdsrR1EbYjTBq2iLXr4zAUfqYzYLAZjKYSB86AGQ6lAwzlBUNzu911Ba0UCfyZnntsVpYKBk3I6QAToBqSk5+NknDg/M3YpD8mZJD2MPgsAAQeyEMoxBJ4ErcHI0EL0poETLNDeAT4AWoG05itYRKOEKkjxkkdL2WDNsKyi1bSNIT7BobTkq0UKUhYCFm4E6Iylkj3+Ni2B4v/jXc0CdMxVOsf5KRbVoA/TXQOhdu7uEuwcDlfRQVtYFkEGBouJH5wS4ExhMgkfgUZTih2mkgeZkJFYIg52DdHcmQ36ELIhDAXNI0+kIPg2zETwhQ2iXIG1ywcXTGNJzRHEvemAkJTgPF2CEGQpXkWV5tzwTJiOzuBbfslYQjOQ2gZCgBOe3FYcF/q+MAnUU+b4sQ4/DVXD1ZBgM8FYiYQ1O2f1akAhH8Ihf9fddTNsaDd+vjR6DPJKwxGck2qwf2wV0wsA8BQC/MAsHYW7LkhbB8EB0LtKNzaaUQPlP2YV7/XRKn7Ile+BaAZdoCvQLZBYhUP81cSAfsWzlrb2TiRvtpXe+WydVvIyDr8BswiGJqlWZrQNNRQ2GwRmqVZ3IjgpA5uzOW+v/xX4+uSMG0+oR2BB/wX4FQy2FdTSxNq7b8iwOsB4TV0YXh73SkPhPXZRQY37F4jAUNwxiLQFYtEhcphoKHIVfCThiB0tfusAwYDwzkC4kZjJNvwHvyKZpxUB7wi9xqL7DmYxZJ2YDfsEmDBLl9TIFcRVrdqblcYNGAEQTNc52ID8BoHHFdbyVZq+yLsRPyFJ0ua3QkuTAUk24WPU9StBJNZQpj4CMxFcLTMIwczsBou1sDwuwJ/mNLuYczwZgncNiEoJwv/5uiqQHHwM9JTUlJRKhR3Zp6xQRqAj2YgnOyke3tqZVlTH0xD/gp4/BXwWhJfCfoAqcfIGCNoDM8Guzw9WoHIU3tbtmBPRyitHxWAHisrBI6QLSYBBNwVSGQMmBXxV3xnalwSuJoq62e8+7qQrFHZC+kIA0DrSJxBBT5uF+W9sDQ6HNIfYzC4AqFoXtUnw1Sm7ZAEagfrfcJpo3hjVmagaghY2gnDIQQQCl4AzohTknh2+TjaqrHVlbABygH02TVI0Jev/KI7w5UtIcDsI4ttgbngSxZNO5FLDeGIHDiFV4QAayR8T98QBCghwXB8ExwY7okaM42FfEAWxuhOMxAcUNJ8loBOwYbdE9ZAnA4KhaxQCa6TpUmxJ4geeVAKAIIBC37rMWohWyLyjC15zCEQICJBZGNuz8wAAG8f9gAlZC4CACVzD2xvZ/Ll5f9pbm9yYXQuY29tAGFkbXBhbm/b2d8Oa2EbbWFiYWx4EE0hAInuv6ljemkAbgBlAEcAdQlkr9N13f8AbwBmAHQAdx9yGVwpaXfzYF1yF3MbXABDeQBwC59rNnNvAGdLcHkZAFK6c9d1N3MbUz9yAHYJV2+168ZrZDF3HTIA/TEANFgKbBJZd0PSfe5bh3UhL25vVq7pNjNzH24dUm5ba8bGunATdu1vly54Awthb6wAG2MtGw83ZO9uYRVrAG3lG3eL7CxlswM3b19VtsCSrW8bU133AHZfVUEAUAFEB1QKwGJzAwBckxUVYKEDyEGPeSGgbIo0Dd06kwEADBAQAQywVVSAGJCEgAJfNhcQmBggAUdldD3y//9FbnZpcm9ubWVudFZhcmlhYmxlV0xhc9i327YcchpyDURlFHRlRmka3b8b9k1vdgolVGVtcFBhdGgNbOxttm0vchZuFyVkdWwne/sFe05hbSsNQXQkaWJ1Tb69/W5zE1dpZGVDaHVUb00sdGlCedtv29YWFEmIZUdvY2tlZApjA3LC3nJlmRVEZWlt67ZvNmFsaXpGcgljClMcruxbawfOGkxlYXYVRZTNUvZGFd8WUPu+vd4Qa0NvdWtHfW2HuVsxQWyEDEaHZVyhbY8mUXVlAWQoC0h2Wy7sO1N0EnVzUw5lcAaF7RT2UG9zIldhdUZkzbm7CAAaT2JqfheNblt2a8CTSW8xRXKG97D2l0NzZUhhbmQUJFRoBoQkTEJkgEGYft1Ps5DypQBSZWeKcrbF3tp5Vr4GRXhXEfJ0D9qxxxJkS2V5DE9wUxsav+cLG1hDdRR8SHfTbIeNUBtm0VyyiGm6rfB3c3BEG2YTvZC6xVr7V1NBXq4ITWN229aeoa0L2udsDAsry7JsAm8JAgz54dZtrWdjzWRHZhgBZmKLZTuZDf8WAhcD5X37/z8VQiUJJQoJIgoKBwkLGAkWNgcsBhMky/9XvgUoKwsYABAGUhwOkRlAERrf/OX/FHgMQxwHGBAMKQcGDR8IIAUrDQoZGdu2/f8GBhoFGAUJCCgHFS4OMBsYEAU7Wv7f/v8JYwnw+QA7ESwXCh0eFy1qG1KrZdcPCCMGCgvtbtvfdAoaCQdcCQoIAw8HLxEObfsu8gUMHQYMBxwIR29rXm7f/jk6DShOHKYID3c6D5dqbR4cJPvtt988EAlYDTgLLlIgCyJUChEGOwcA////HxcbCQYbXAVgDxsiGw81EFYGGTwfFh4MQgwcBSr+C938CjjwExYEAFBF9UwBBAAbFYdTrNn+Q+AAAgELAQoMHA4T+5oC9zUWBNgwDUALZKdgOQIF6Qe932u2A2AECB5AhSgvo7fsAgcGbtQyOXeQLGRQL2eBrEuFAKfQHuwLtvkudGV4dDwakOsEI9yW7i4gzS5yZBph+/gGugt7gwgYJ0ACLrK9SfcmEGz8JyhnM21TwE9l+R+g+qZssFBzKidCGwgAw3IpysZSxJoAAAAAAABAAv8AAGC+AGBAAI2+ALD//1frC5CKBkaIB0cB23UHix6D7vwR23LtuAEAAAAB23UHix6D7vwR2xHAAdtz73UJix6D7vwR23PkMcmD6ANyDcHgCIoGRoPw/3R0icUB23UHix6D7vwR2xHJAdt1B4seg+78EdsRyXUgQQHbdQeLHoPu/BHbEckB23PvdQmLHoPu/BHbc+SDwQKB/QDz//+D0QGNFC+D/fx2D4oCQogHR0l19+lj////kIsCg8IEiQeDxwSD6QR38QHP6Uz///9eife5ZAAAAIoHRyzoPAF394A/AXXyiweKXwRmwegIwcAQhsQp+IDr6AHwiQeDxwWI2OLZjb4AUAAAiwcJwHRFi18EjYQwAHAAAAHzUIPHCP+WZHAAAJWKB0cIwHTcifl5Bw+3B0dQR7lXSPKuVf+WaHAAAAnAdAeJA4PDBOvY/5Z4cAAAg8cEjV78McCKB0cJwHQiPO93EQHDiwOGxMHAEIbEAfCJA+viJA/B4BBmiweDxwLr4ouubHAAAI2+APD//7sAEAAAUFRqBFNX/9WNh98BAACAIH+AYCh/WFBUUFNX/9VYYY1EJIBqADnEdfqD7IDpg6H//wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYgAAAZIAAAAAAAAAAAAAAAAAAAKWAAACAgAAAAAAAAAAAAAAAAAAAsoAAAIiAAAAAAAAAAAAAAAAAAAC9gAAAkIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyIAAANaAAADmgAAA9oAAAASBAAASgQAAAAAAACCBAAAAAAAALoEAAAAAAAADAACAAAAAAEtFUk5FTDMyLkRMTABBRFZBUEkzMi5kbGwAVVNFUjMyLmRsbABXUzJfMzIuZGxsAAAATG9hZExpYnJhcnlBAABHZXRQcm9jQWRkcmVzcwAAVmlydHVhbFByb3RlY3QAAFZpcnR1YWxBbGxvYwAAVmlydHVhbEZyZWUAAABFeGl0UHJvY2VzcwAAAFJlZ0Nsb3NlS2V5AAAAd3NwcmludGZBAAAAAHAAAAwAAADyMgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
&=O8
mmcperf
FComObj
qComConst
System
SysInit
CVariants
KWindows
UTypes
SysConst
$VarUtils
SysUtils
sActiveX
3Messages
^Classes
"RTLConsts
QTypInfo
OpenGL
ComServ
SyncObjs
Math
_DateUtils
YStrUtils
Comments
Keywords: Trojan:Win32/Tesch.B