CAPE

Detections: Emotet


Analysis

Category: FILE
Package: Emotet
Started: 2019-12-03 05:02:27
Completed: 2019-12-03 05:06:16
Duration: 229 seconds

Log:
2019-12-03 05:02:28,000 [root] INFO: Date set to: 12-03-19, time set to: 05:02:28, timeout set to: 200
2019-12-03 05:02:28,015 [root] DEBUG: Starting analyzer from: C:\qqjjr
2019-12-03 05:02:28,015 [root] DEBUG: Storing results at: C:\dypUtWA
2019-12-03 05:02:28,015 [root] DEBUG: Pipe server name: \\.\PIPE\hqaHaEf
2019-12-03 05:02:28,015 [root] INFO: Analysis package "Emotet" has been specified.
2019-12-03 05:02:28,312 [root] DEBUG: Started auxiliary module Browser
2019-12-03 05:02:28,326 [root] DEBUG: Started auxiliary module Curtain
2019-12-03 05:02:28,326 [modules.auxiliary.digisig] DEBUG: Checking for a digitial signature.
2019-12-03 05:02:28,747 [modules.auxiliary.digisig] DEBUG: File is not signed.
2019-12-03 05:02:28,747 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json
2019-12-03 05:02:28,747 [root] DEBUG: Started auxiliary module DigiSig
2019-12-03 05:02:28,747 [root] DEBUG: Started auxiliary module Disguise
2019-12-03 05:02:28,747 [root] DEBUG: Started auxiliary module Human
2019-12-03 05:02:28,747 [root] DEBUG: Started auxiliary module Screenshots
2019-12-03 05:02:28,747 [root] DEBUG: Started auxiliary module Sysmon
2019-12-03 05:02:28,747 [root] DEBUG: Started auxiliary module Usage
2019-12-03 05:02:28,747 [root] INFO: Analyzer: DLL set to Extraction.dll from package modules.packages.Emotet
2019-12-03 05:02:28,763 [root] INFO: Analyzer: Package modules.packages.Emotet does not specify a DLL_64 option
2019-12-03 05:02:28,763 [lib.api.process] INFO: Successfully executed process from path "C:\Users\user\AppData\Local\Temp\0s2pq1fZJ58j5H.exe" with arguments "" with pid 1308
2019-12-03 05:02:28,763 [lib.api.process] INFO: Option 'exclude-apis' with value 'RegOpenKeyExA' sent to monitor
2019-12-03 05:02:28,763 [lib.api.process] INFO: 32-bit DLL to inject is C:\qqjjr\dll\lVmtOR.dll, loader C:\qqjjr\bin\tvekCfe.exe
2019-12-03 05:02:28,825 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\hqaHaEf.
2019-12-03 05:02:28,825 [root] DEBUG: Loader: Injecting process 1308 (thread 884) with C:\qqjjr\dll\lVmtOR.dll.
2019-12-03 05:02:28,825 [root] DEBUG: Process image base: 0x00400000
2019-12-03 05:02:28,825 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\qqjjr\dll\lVmtOR.dll.
2019-12-03 05:02:28,825 [root] DEBUG: InjectDllViaIAT: Found a free region from 0x004AC000 - 0x77110000
2019-12-03 05:02:28,842 [root] DEBUG: InjectDllViaIAT: Allocated 0x23c bytes for new import table at 0x004B0000.
2019-12-03 05:02:28,842 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2019-12-03 05:02:28,842 [root] DEBUG: Successfully injected DLL C:\qqjjr\dll\lVmtOR.dll.
2019-12-03 05:02:28,842 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1308
2019-12-03 05:02:30,885 [lib.api.process] INFO: Successfully resumed process with pid 1308
2019-12-03 05:02:30,885 [root] INFO: Added new process to list with pid: 1308
2019-12-03 05:02:30,979 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-12-03 05:02:30,994 [root] INFO: Disabling sleep skipping.
2019-12-03 05:02:30,994 [root] DEBUG: RestoreHeaders: Restored original import table.
2019-12-03 05:02:30,994 [root] INFO: Disabling sleep skipping.
2019-12-03 05:02:30,994 [root] DEBUG: WoW64 detected: 64-bit ntdll base: 0x77110000, KiUserExceptionDispatcher: 0x0, NtSetContextThread: 0x7716124a, Wow64PrepareForException: 0x0
2019-12-03 05:02:30,994 [root] DEBUG: WoW64 workaround: KiUserExceptionDispatcher hook installed at: 0x1d0000
2019-12-03 05:02:30,994 [root] DEBUG: Debugger initialised.
2019-12-03 05:02:30,994 [root] DEBUG: CAPE initialised: 32-bit Extraction package loaded in process 1308 at 0x747d0000, image base 0x400000, stack from 0x186000-0x190000
2019-12-03 05:02:30,994 [root] DEBUG: Commandline: C:\Users\user\AppData\Local\Temp\"C:\Users\user\AppData\Local\Temp\0s2pq1fZJ58j5H.exe".
2019-12-03 05:02:31,009 [root] DEBUG: AddTrackedRegion: GetTrackedRegion(0x00400000) returned 0x00000000.
2019-12-03 05:02:31,009 [root] DEBUG: AddTrackedRegion: Created new tracked region: TrackedRegion->AllocationBase 0x00000000.
2019-12-03 05:02:31,009 [root] DEBUG: AddTrackedRegion: VirtualQuery(0x00400000) -> AllocationBase 0x00400000 RegionSize 0x4096.
2019-12-03 05:02:31,009 [root] DEBUG: AddTrackedRegion: EntryPoint 0x4e559, Entropy 6.434354e+00
2019-12-03 05:02:31,009 [root] DEBUG: AddTrackedRegion: New region at 0x00400000 size 0x1000 added to tracked regions.
2019-12-03 05:02:31,009 [root] DEBUG: ExtractionInit: Adding main image base to tracked regions.
2019-12-03 05:02:31,009 [root] INFO: Monitor successfully loaded in process with pid 1308.
2019-12-03 05:02:31,026 [root] DEBUG: DLL loaded at 0x74C70000: C:\Windows\system32\CRYPTSP (0x16000 bytes).
2019-12-03 05:02:31,042 [root] DEBUG: DLL loaded at 0x74C30000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2019-12-03 05:02:31,042 [root] DEBUG: DLL loaded at 0x74930000: C:\Windows\system32\USERENV (0x17000 bytes).
2019-12-03 05:02:31,042 [root] DEBUG: DLL loaded at 0x74530000: C:\Windows\system32\profapi (0xb000 bytes).
2019-12-03 05:02:36,766 [root] DEBUG: Allocation: 0x035E0000 - 0x035F1000, size: 0x11000, protection: 0x40.
2019-12-03 05:02:36,766 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2019-12-03 05:02:36,766 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2019-12-03 05:02:36,766 [root] DEBUG: ProcessImageBase: EP 0x0004E559 image base 0x00400000 size 0x0 entropy 6.440463e+00.
2019-12-03 05:02:36,766 [root] DEBUG: AllocationHandler: Adding allocation to tracked region list: 0x035E0000, size: 0x11000.
2019-12-03 05:02:36,766 [root] DEBUG: AddTrackedRegion: GetTrackedRegion(0x035E0000) returned 0x00000000.
2019-12-03 05:02:36,766 [root] DEBUG: AddTrackedRegion: Created new tracked region: TrackedRegion->AllocationBase 0x00000000.
2019-12-03 05:02:36,766 [root] DEBUG: AddTrackedRegion: VirtualQuery(0x035E0000) -> AllocationBase 0x035E0000 RegionSize 0x69632.
2019-12-03 05:02:36,766 [root] DEBUG: AddTrackedRegion: New region at 0x035E0000 size 0x11000 added to tracked regions.
2019-12-03 05:02:36,766 [root] DEBUG: ActivateBreakpoints: TrackedRegion->AllocationBase: 0x035E0000, TrackedRegion->RegionSize: 0x11000, thread 884
2019-12-03 05:02:36,766 [root] DEBUG: SetDebugRegister: Setting breakpoint 0 hThread=0xcc, Size=0x2, Address=0x035E0000 and Type=0x1.
2019-12-03 05:02:36,782 [root] DEBUG: SetThreadBreakpoint: Set bp 0 thread id 884 type 1 at address 0x035E0000, size 2 with Callback 0x747d7510.
2019-12-03 05:02:36,782 [root] DEBUG: ActivateBreakpoints: Set write breakpoint on empty protect address: 0x035E0000
2019-12-03 05:02:36,782 [root] DEBUG: SetDebugRegister: Setting breakpoint 1 hThread=0xcc, Size=0x4, Address=0x035E003C and Type=0x1.
2019-12-03 05:02:36,782 [root] DEBUG: SetThreadBreakpoint: Set bp 1 thread id 884 type 1 at address 0x035E003C, size 4 with Callback 0x747d71a0.
2019-12-03 05:02:36,782 [root] DEBUG: ActivateBreakpoints: Set write breakpoint on e_lfanew address: 0x035E003C
2019-12-03 05:02:36,782 [root] DEBUG: AllocationHandler: Breakpoints set on newly-allocated executable region at: 0x035E0000 (size 0x11000).
2019-12-03 05:02:36,782 [root] DEBUG: DLL unloaded from 0x772F0000.
2019-12-03 05:02:36,782 [root] DEBUG: CAPEExceptionFilter: breakpoint hit by instruction at 0x76B59B60 (thread 884)
2019-12-03 05:02:36,782 [root] DEBUG: BaseAddressWriteCallback: Breakpoint 0 at Address 0x035E0000.
2019-12-03 05:02:36,782 [root] DEBUG: ContextSetDebugRegister: Setting breakpoint 2 within Context, Size=0x0, Address=0x035E0000 and Type=0x0.
2019-12-03 05:02:36,782 [root] DEBUG: BaseAddressWriteCallback: byte written to 0x35e0000: 0xb2.
2019-12-03 05:02:36,782 [root] DEBUG: BaseAddressWriteCallback: Exec bp set on tracked region protect address.
2019-12-03 05:02:36,782 [root] DEBUG: CAPEExceptionFilter: breakpoint hit by instruction at 0x76B59B60 (thread 884)
2019-12-03 05:02:36,782 [root] DEBUG: PEPointerWriteCallback: Breakpoint 1 at Address 0x035E003C.
2019-12-03 05:02:36,782 [root] DEBUG: PEPointerWriteCallback: candidate pointer to PE header too big: 0xc0ca0eeb (at 0x035E003C).
2019-12-03 05:02:36,782 [root] DEBUG: ContextSetNextAvailableBreakpoint: An identical breakpoint (2) at 0x035E0000 already exists for thread 884 (process 1308), skipping.
2019-12-03 05:02:36,782 [root] DEBUG: PEPointerWriteCallback: set write bp on AddressOfEntryPoint at 0x035E0000.
2019-12-03 05:02:36,782 [root] DEBUG: CAPEExceptionFilter: breakpoint hit by instruction at 0x74C4CFBC (thread 884)
2019-12-03 05:02:36,782 [root] DEBUG: BaseAddressWriteCallback: Breakpoint 0 at Address 0x035E0000.
2019-12-03 05:02:36,782 [root] DEBUG: ContextSetNextAvailableBreakpoint: An identical breakpoint (2) at 0x035E0000 already exists for thread 884 (process 1308), skipping.
2019-12-03 05:02:36,782 [root] DEBUG: BaseAddressWriteCallback: byte written to 0x35e0000: 0xe8.
2019-12-03 05:02:36,798 [root] DEBUG: BaseAddressWriteCallback: Exec bp set on tracked region protect address.
2019-12-03 05:02:36,798 [root] DEBUG: CAPEExceptionFilter: breakpoint hit by instruction at 0x74C4CFBC (thread 884)
2019-12-03 05:02:36,798 [root] DEBUG: PEPointerWriteCallback: Breakpoint 1 at Address 0x035E003C.
2019-12-03 05:02:36,798 [root] DEBUG: PEPointerWriteCallback: candidate pointer to PE header too big: 0xf6335756 (at 0x035E003C).
2019-12-03 05:02:36,798 [root] DEBUG: ContextSetNextAvailableBreakpoint: An identical breakpoint (2) at 0x035E0000 already exists for thread 884 (process 1308), skipping.
2019-12-03 05:02:36,798 [root] DEBUG: PEPointerWriteCallback: set write bp on AddressOfEntryPoint at 0x035E0000.
2019-12-03 05:02:36,798 [root] DEBUG: CAPEExceptionFilter: breakpoint hit by instruction at 0x035E0000 (thread 884)
2019-12-03 05:02:36,798 [root] DEBUG: ShellcodeExecCallback: Breakpoint 2 at Address 0x035E0000 (allocation base 0x035E0000).
2019-12-03 05:02:36,798 [root] DEBUG: ShellcodeExecCallback: Debug: About to scan region for a PE image (base 0x035E0000, size 0x11000).
2019-12-03 05:02:36,798 [root] DEBUG: DumpPEsInRange: Scanning range 0x35e0000 - 0x35f1000.
2019-12-03 05:02:36,798 [root] DEBUG: ScanForDisguisedPE: PE image located at: 0x35e053f
2019-12-03 05:02:36,798 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump 'raw' PE image.
2019-12-03 05:02:36,798 [root] DEBUG: DumpPE: Instantiating PeParser with address: 0x035E053F.
2019-12-03 05:02:36,798 [root] INFO: Added new CAPE file to list with path: C:\dypUtWA\CAPE\1308_20165172383621032122019
2019-12-03 05:02:36,798 [root] DEBUG: DumpPE: PE file in memory dumped successfully - dump size 0x10400.
2019-12-03 05:02:36,798 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x35e073f-0x35f1000.
2019-12-03 05:02:36,798 [root] DEBUG: ShellcodeExecCallback: PE image(s) detected and dumped.
2019-12-03 05:02:36,798 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x35e0000 - 0x35f1000.
2019-12-03 05:02:36,798 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoint 0 address 0x035E0000.
2019-12-03 05:02:36,798 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoint 1 address 0x035E003C.
2019-12-03 05:02:36,798 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoint 2 address 0x035E0000.
2019-12-03 05:02:36,798 [root] DEBUG: set_caller_info: Adding region at 0x035E0000 to caller regions list (ntdll::NtAllocateVirtualMemory).
2019-12-03 05:02:36,798 [root] DEBUG: set_caller_info: Caller at 0x035E0115 in tracked regions.
2019-12-03 05:02:36,798 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2019-12-03 05:02:36,798 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2019-12-03 05:02:36,798 [root] DEBUG: ProcessImageBase: EP 0x0004E559 image base 0x00400000 size 0x0 entropy 6.440463e+00.
2019-12-03 05:02:36,798 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x035E0000.
2019-12-03 05:02:36,798 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2019-12-03 05:02:36,798 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2019-12-03 05:02:36,813 [root] DEBUG: ProcessImageBase: EP 0x0004E559 image base 0x00400000 size 0x0 entropy 6.440463e+00.
2019-12-03 05:02:36,813 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x035E0000.
2019-12-03 05:02:36,813 [root] DEBUG: ProtectionHandler: Adding region at 0x03731000 to tracked regions.
2019-12-03 05:02:36,813 [root] DEBUG: AddTrackedRegion: GetTrackedRegion(0x03731000) returned 0x00000000.
2019-12-03 05:02:36,813 [root] DEBUG: AddTrackedRegion: Created new tracked region: TrackedRegion->AllocationBase 0x00000000.
2019-12-03 05:02:36,813 [root] DEBUG: AddTrackedRegion: VirtualQuery(0x03731000) -> AllocationBase 0x03730000 RegionSize 0x57344.
2019-12-03 05:02:36,813 [root] DEBUG: AddTrackedRegion: EntryPoint 0xda0a, Entropy 5.408193e+00
2019-12-03 05:02:36,813 [root] DEBUG: AddTrackedRegion: New region at 0x03730000 size 0xe000 added to tracked regions.
2019-12-03 05:02:36,813 [root] DEBUG: ProtectionHandler: Address: 0x03731000 (alloc base 0x03730000), NumberOfBytesToProtect: 0xdc00, NewAccessProtection: 0x20
2019-12-03 05:02:36,813 [root] DEBUG: ProtectionHandler: Increased region size at 0x03731000 to 0xec00.
2019-12-03 05:02:36,813 [root] DEBUG: ProtectionHandler: New code detected at (0x03730000), scanning for PE images.
2019-12-03 05:02:36,813 [root] DEBUG: DumpPEsInRange: Scanning range 0x3730000 - 0x373ec00.
2019-12-03 05:02:36,813 [root] DEBUG: ScanForDisguisedPE: PE image located at: 0x3730000
2019-12-03 05:02:36,813 [root] DEBUG: DumpImageInCurrentProcess: Disguised PE image (bad MZ and/or PE headers) at 0x03730000
2019-12-03 05:02:36,813 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump virtual PE image.
2019-12-03 05:02:36,813 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x03730000.
2019-12-03 05:02:36,813 [root] DEBUG: DumpProcess: Module entry point VA is 0x0000DA0A.
2019-12-03 05:02:37,032 [root] INFO: Added new CAPE file to list with path: C:\dypUtWA\CAPE\1308_1151538248362532122019
2019-12-03 05:02:37,032 [root] DEBUG: DumpProcess: Module image dump success - dump size 0xfe00.
2019-12-03 05:02:37,032 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x3730200-0x373ec00.
2019-12-03 05:02:37,032 [root] DEBUG: ProtectionHandler: PE image(s) dumped from 0x03730000.
2019-12-03 05:02:37,032 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x3730000 - 0x373ec00.
2019-12-03 05:02:37,032 [root] DEBUG: set_caller_info: Adding region at 0x03730000 to caller regions list (ntdll::memcpy).
2019-12-03 05:02:37,032 [root] DEBUG: set_caller_info: Caller at 0x0373DA35 in tracked regions.
2019-12-03 05:02:37,032 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2019-12-03 05:02:37,032 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2019-12-03 05:02:37,032 [root] DEBUG: ProcessImageBase: EP 0x0004E559 image base 0x00400000 size 0x0 entropy 6.440463e+00.
2019-12-03 05:02:37,032 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x035E0000.
2019-12-03 05:02:37,032 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x03730000.
2019-12-03 05:02:37,048 [root] INFO: Announced 32-bit process name: 0s2pq1fZJ58j5H.exe pid: 2756
2019-12-03 05:02:37,048 [lib.api.process] INFO: Option 'exclude-apis' with value 'RegOpenKeyExA' sent to monitor
2019-12-03 05:02:37,048 [lib.api.process] INFO: 32-bit DLL to inject is C:\qqjjr\dll\lVmtOR.dll, loader C:\qqjjr\bin\tvekCfe.exe
2019-12-03 05:02:37,048 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\hqaHaEf.
2019-12-03 05:02:37,048 [root] DEBUG: Loader: Injecting process 2756 (thread 2092) with C:\qqjjr\dll\lVmtOR.dll.
2019-12-03 05:02:37,048 [root] DEBUG: Process image base: 0x00400000
2019-12-03 05:02:37,048 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\qqjjr\dll\lVmtOR.dll.
2019-12-03 05:02:37,048 [root] DEBUG: InjectDllViaIAT: Found a free region from 0x004AC000 - 0x77110000
2019-12-03 05:02:37,048 [root] DEBUG: InjectDllViaIAT: Allocated 0x23c bytes for new import table at 0x004B0000.
2019-12-03 05:02:37,048 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2019-12-03 05:02:37,048 [root] DEBUG: Successfully injected DLL C:\qqjjr\dll\lVmtOR.dll.
2019-12-03 05:02:37,048 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2756
2019-12-03 05:02:37,048 [root] DEBUG: DLL loaded at 0x74AF0000: C:\Windows\system32\apphelp (0x4c000 bytes).
2019-12-03 05:02:37,062 [root] DEBUG: DLL unloaded from 0x00400000.
2019-12-03 05:02:37,062 [root] INFO: Announced 32-bit process name: 0s2pq1fZJ58j5H.exe pid: 2756
2019-12-03 05:02:37,062 [lib.api.process] INFO: Option 'exclude-apis' with value 'RegOpenKeyExA' sent to monitor
2019-12-03 05:02:37,062 [lib.api.process] INFO: 32-bit DLL to inject is C:\qqjjr\dll\lVmtOR.dll, loader C:\qqjjr\bin\tvekCfe.exe
2019-12-03 05:02:37,062 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\hqaHaEf.
2019-12-03 05:02:37,062 [root] DEBUG: Loader: Injecting process 2756 (thread 2092) with C:\qqjjr\dll\lVmtOR.dll.
2019-12-03 05:02:37,062 [root] DEBUG: Process image base: 0x00400000
2019-12-03 05:02:37,062 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\qqjjr\dll\lVmtOR.dll.
2019-12-03 05:02:37,062 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2019-12-03 05:02:37,062 [root] DEBUG: Successfully injected DLL C:\qqjjr\dll\lVmtOR.dll.
2019-12-03 05:02:37,062 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2756
2019-12-03 05:02:37,062 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1308).
2019-12-03 05:02:37,062 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2019-12-03 05:02:37,062 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2019-12-03 05:02:37,078 [root] DEBUG: ProcessImageBase: EP 0x0004E559 image base 0x00400000 size 0x0 entropy 6.440463e+00.
2019-12-03 05:02:37,078 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x035E0000.
2019-12-03 05:02:37,078 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x03730000.
2019-12-03 05:02:37,078 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-12-03 05:02:37,078 [root] INFO: Disabling sleep skipping.
2019-12-03 05:02:37,078 [root] DEBUG: DLL unloaded from 0x75140000.
2019-12-03 05:02:37,078 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 1308).
2019-12-03 05:02:37,078 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2019-12-03 05:02:37,078 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2019-12-03 05:02:37,078 [root] DEBUG: ProcessImageBase: EP 0x0004E559 image base 0x00400000 size 0x0 entropy 6.440455e+00.
2019-12-03 05:02:37,078 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x035E0000.
2019-12-03 05:02:37,078 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x03730000.
2019-12-03 05:02:37,078 [root] INFO: Notified of termination of process with pid 1308.
2019-12-03 05:02:37,078 [root] DEBUG: RestoreHeaders: Restored original import table.
2019-12-03 05:02:37,078 [root] DEBUG: WoW64 detected: 64-bit ntdll base: 0x77110000, KiUserExceptionDispatcher: 0x0, NtSetContextThread: 0x7716124a, Wow64PrepareForException: 0x0
2019-12-03 05:02:37,078 [root] DEBUG: WoW64 workaround: KiUserExceptionDispatcher hook installed at: 0x3e0000
2019-12-03 05:02:37,094 [root] DEBUG: Debugger initialised.
2019-12-03 05:02:37,109 [root] DEBUG: CAPE initialised: 32-bit Extraction package loaded in process 2756 at 0x747d0000, image base 0x400000, stack from 0x186000-0x190000
2019-12-03 05:02:37,109 [root] DEBUG: Commandline: C:\Users\user\AppData\Local\Temp\--f53fe057.
2019-12-03 05:02:37,109 [root] DEBUG: AddTrackedRegion: GetTrackedRegion(0x00400000) returned 0x00000000.
2019-12-03 05:02:37,125 [root] DEBUG: AddTrackedRegion: Created new tracked region: TrackedRegion->AllocationBase 0x00000000.
2019-12-03 05:02:37,141 [root] DEBUG: AddTrackedRegion: VirtualQuery(0x00400000) -> AllocationBase 0x00400000 RegionSize 0x4096.
2019-12-03 05:02:37,171 [root] DEBUG: AddTrackedRegion: EntryPoint 0x4e559, Entropy 6.434354e+00
2019-12-03 05:02:37,171 [root] DEBUG: AddTrackedRegion: New region at 0x00400000 size 0x1000 added to tracked regions.
2019-12-03 05:02:37,171 [root] DEBUG: ExtractionInit: Adding main image base to tracked regions.
2019-12-03 05:02:37,171 [root] INFO: Added new process to list with pid: 2756
2019-12-03 05:02:37,171 [root] INFO: Monitor successfully loaded in process with pid 2756.
2019-12-03 05:02:37,171 [root] DEBUG: DLL loaded at 0x74C70000: C:\Windows\system32\CRYPTSP (0x16000 bytes).
2019-12-03 05:02:37,187 [root] DEBUG: DLL loaded at 0x74C30000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2019-12-03 05:02:37,187 [root] DEBUG: DLL loaded at 0x74520000: C:\Windows\system32\USERENV (0x17000 bytes).
2019-12-03 05:02:37,187 [root] DEBUG: DLL loaded at 0x74940000: C:\Windows\system32\profapi (0xb000 bytes).
2019-12-03 05:02:42,819 [root] DEBUG: Allocation: 0x00690000 - 0x006A1000, size: 0x11000, protection: 0x40.
2019-12-03 05:02:42,835 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2019-12-03 05:02:42,835 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2019-12-03 05:02:42,835 [root] DEBUG: ProcessImageBase: EP 0x0004E559 image base 0x00400000 size 0x0 entropy 6.440428e+00.
2019-12-03 05:02:42,835 [root] DEBUG: AllocationHandler: Adding allocation to tracked region list: 0x00690000, size: 0x11000.
2019-12-03 05:02:42,835 [root] DEBUG: AddTrackedRegion: GetTrackedRegion(0x00690000) returned 0x00000000.
2019-12-03 05:02:42,835 [root] DEBUG: AddTrackedRegion: Created new tracked region: TrackedRegion->AllocationBase 0x00000000.
2019-12-03 05:02:42,835 [root] DEBUG: AddTrackedRegion: VirtualQuery(0x00690000) -> AllocationBase 0x00690000 RegionSize 0x69632.
2019-12-03 05:02:42,835 [root] DEBUG: AddTrackedRegion: New region at 0x00690000 size 0x11000 added to tracked regions.
2019-12-03 05:02:42,835 [root] DEBUG: ActivateBreakpoints: TrackedRegion->AllocationBase: 0x00690000, TrackedRegion->RegionSize: 0x11000, thread 2092
2019-12-03 05:02:42,851 [root] DEBUG: SetDebugRegister: Setting breakpoint 0 hThread=0xcc, Size=0x2, Address=0x00690000 and Type=0x1.
2019-12-03 05:02:42,851 [root] DEBUG: SetThreadBreakpoint: Set bp 0 thread id 2092 type 1 at address 0x00690000, size 2 with Callback 0x747d7510.
2019-12-03 05:02:42,851 [root] DEBUG: ActivateBreakpoints: Set write breakpoint on empty protect address: 0x00690000
2019-12-03 05:02:42,851 [root] DEBUG: SetDebugRegister: Setting breakpoint 1 hThread=0xcc, Size=0x4, Address=0x0069003C and Type=0x1.
2019-12-03 05:02:42,851 [root] DEBUG: SetThreadBreakpoint: Set bp 1 thread id 2092 type 1 at address 0x0069003C, size 4 with Callback 0x747d71a0.
2019-12-03 05:02:42,851 [root] DEBUG: ActivateBreakpoints: Set write breakpoint on e_lfanew address: 0x0069003C
2019-12-03 05:02:42,851 [root] DEBUG: AllocationHandler: Breakpoints set on newly-allocated executable region at: 0x00690000 (size 0x11000).
2019-12-03 05:02:42,851 [root] DEBUG: DLL unloaded from 0x772F0000.
2019-12-03 05:02:42,865 [root] DEBUG: CAPEExceptionFilter: breakpoint hit by instruction at 0x76B59B60 (thread 2092)
2019-12-03 05:02:42,865 [root] DEBUG: BaseAddressWriteCallback: Breakpoint 0 at Address 0x00690000.
2019-12-03 05:02:42,865 [root] DEBUG: ContextSetDebugRegister: Setting breakpoint 2 within Context, Size=0x0, Address=0x00690000 and Type=0x0.
2019-12-03 05:02:42,865 [root] DEBUG: BaseAddressWriteCallback: byte written to 0x690000: 0xb2.
2019-12-03 05:02:42,865 [root] DEBUG: BaseAddressWriteCallback: Exec bp set on tracked region protect address.
2019-12-03 05:02:42,865 [root] DEBUG: CAPEExceptionFilter: breakpoint hit by instruction at 0x76B59B60 (thread 2092)
2019-12-03 05:02:42,865 [root] DEBUG: PEPointerWriteCallback: Breakpoint 1 at Address 0x0069003C.
2019-12-03 05:02:42,881 [root] DEBUG: PEPointerWriteCallback: candidate pointer to PE header too big: 0xc0ca0eeb (at 0x0069003C).
2019-12-03 05:02:42,881 [root] DEBUG: ContextSetNextAvailableBreakpoint: An identical breakpoint (2) at 0x00690000 already exists for thread 2092 (process 2756), skipping.
2019-12-03 05:02:42,881 [root] DEBUG: PEPointerWriteCallback: set write bp on AddressOfEntryPoint at 0x00690000.
2019-12-03 05:02:42,881 [root] DEBUG: CAPEExceptionFilter: breakpoint hit by instruction at 0x74C4CFBC (thread 2092)
2019-12-03 05:02:42,881 [root] DEBUG: BaseAddressWriteCallback: Breakpoint 0 at Address 0x00690000.
2019-12-03 05:02:42,881 [root] DEBUG: ContextSetNextAvailableBreakpoint: An identical breakpoint (2) at 0x00690000 already exists for thread 2092 (process 2756), skipping.
2019-12-03 05:02:42,898 [root] DEBUG: BaseAddressWriteCallback: byte written to 0x690000: 0xe8.
2019-12-03 05:02:42,898 [root] DEBUG: BaseAddressWriteCallback: Exec bp set on tracked region protect address.
2019-12-03 05:02:42,913 [root] DEBUG: CAPEExceptionFilter: breakpoint hit by instruction at 0x74C4CFBC (thread 2092)
2019-12-03 05:02:42,913 [root] DEBUG: PEPointerWriteCallback: Breakpoint 1 at Address 0x0069003C.
2019-12-03 05:02:42,928 [root] DEBUG: PEPointerWriteCallback: candidate pointer to PE header too big: 0xf6335756 (at 0x0069003C).
2019-12-03 05:02:42,928 [root] DEBUG: ContextSetNextAvailableBreakpoint: An identical breakpoint (2) at 0x00690000 already exists for thread 2092 (process 2756), skipping.
2019-12-03 05:02:42,928 [root] DEBUG: PEPointerWriteCallback: set write bp on AddressOfEntryPoint at 0x00690000.
2019-12-03 05:02:42,928 [root] DEBUG: CAPEExceptionFilter: breakpoint hit by instruction at 0x00690000 (thread 2092)
2019-12-03 05:02:42,960 [root] DEBUG: ShellcodeExecCallback: Breakpoint 2 at Address 0x00690000 (allocation base 0x00690000).
2019-12-03 05:02:42,960 [root] DEBUG: ShellcodeExecCallback: Debug: About to scan region for a PE image (base 0x00690000, size 0x11000).
2019-12-03 05:02:42,976 [root] DEBUG: DumpPEsInRange: Scanning range 0x690000 - 0x6a1000.
2019-12-03 05:02:42,990 [root] DEBUG: ScanForDisguisedPE: PE image located at: 0x69053f
2019-12-03 05:02:42,990 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump 'raw' PE image.
2019-12-03 05:02:42,990 [root] DEBUG: DumpPE: Instantiating PeParser with address: 0x0069053F.
2019-12-03 05:02:43,006 [root] INFO: Added new CAPE file to list with path: C:\dypUtWA\CAPE\2756_13473934074221032122019
2019-12-03 05:02:43,006 [root] DEBUG: DumpPE: PE file in memory dumped successfully - dump size 0x10400.
2019-12-03 05:02:43,006 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x69073f-0x6a1000.
2019-12-03 05:02:43,006 [root] DEBUG: ShellcodeExecCallback: PE image(s) detected and dumped.
2019-12-03 05:02:43,006 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x690000 - 0x6a1000.
2019-12-03 05:02:43,006 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoint 0 address 0x00690000.
2019-12-03 05:02:43,022 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoint 1 address 0x0069003C.
2019-12-03 05:02:43,022 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoint 2 address 0x00690000.
2019-12-03 05:02:43,022 [root] DEBUG: set_caller_info: Adding region at 0x00690000 to caller regions list (ntdll::NtAllocateVirtualMemory).
2019-12-03 05:02:43,022 [root] DEBUG: set_caller_info: Caller at 0x00690115 in tracked regions.
2019-12-03 05:02:43,022 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2019-12-03 05:02:43,038 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2019-12-03 05:02:43,038 [root] DEBUG: ProcessImageBase: EP 0x0004E559 image base 0x00400000 size 0x0 entropy 6.440428e+00.
2019-12-03 05:02:43,038 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00690000.
2019-12-03 05:02:43,053 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2019-12-03 05:02:43,053 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2019-12-03 05:02:43,053 [root] DEBUG: ProcessImageBase: EP 0x0004E559 image base 0x00400000 size 0x0 entropy 6.440428e+00.
2019-12-03 05:02:43,053 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00690000.
2019-12-03 05:02:43,053 [root] DEBUG: ProtectionHandler: Adding region at 0x008F1000 to tracked regions.
2019-12-03 05:02:43,053 [root] DEBUG: AddTrackedRegion: GetTrackedRegion(0x008F1000) returned 0x00000000.
2019-12-03 05:02:43,069 [root] DEBUG: AddTrackedRegion: Created new tracked region: TrackedRegion->AllocationBase 0x00000000.
2019-12-03 05:02:43,085 [root] DEBUG: AddTrackedRegion: VirtualQuery(0x008F1000) -> AllocationBase 0x008F0000 RegionSize 0x57344.
2019-12-03 05:02:43,085 [root] DEBUG: AddTrackedRegion: EntryPoint 0xda0a, Entropy 5.383982e+00
2019-12-03 05:02:43,085 [root] DEBUG: AddTrackedRegion: New region at 0x008F0000 size 0xe000 added to tracked regions.
2019-12-03 05:02:43,085 [root] DEBUG: ProtectionHandler: Address: 0x008F1000 (alloc base 0x008F0000), NumberOfBytesToProtect: 0xdc00, NewAccessProtection: 0x20
2019-12-03 05:02:43,085 [root] DEBUG: ProtectionHandler: Increased region size at 0x008F1000 to 0xec00.
2019-12-03 05:02:43,085 [root] DEBUG: ProtectionHandler: New code detected at (0x008F0000), scanning for PE images.
2019-12-03 05:02:43,085 [root] DEBUG: DumpPEsInRange: Scanning range 0x8f0000 - 0x8fec00.
2019-12-03 05:02:43,085 [root] DEBUG: ScanForDisguisedPE: PE image located at: 0x8f0000
2019-12-03 05:02:43,099 [root] DEBUG: DumpImageInCurrentProcess: Disguised PE image (bad MZ and/or PE headers) at 0x008F0000
2019-12-03 05:02:43,099 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump virtual PE image.
2019-12-03 05:02:43,115 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x008F0000.
2019-12-03 05:02:43,115 [root] DEBUG: DumpProcess: Module entry point VA is 0x0000DA0A.
2019-12-03 05:02:43,115 [root] INFO: Added new CAPE file to list with path: C:\dypUtWA\CAPE\2756_1627107144432532122019
2019-12-03 05:02:43,115 [root] DEBUG: DumpProcess: Module image dump success - dump size 0xfe00.
2019-12-03 05:02:43,115 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x8f0200-0x8fec00.
2019-12-03 05:02:43,131 [root] DEBUG: ProtectionHandler: PE image(s) dumped from 0x008F0000.
2019-12-03 05:02:43,131 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x8f0000 - 0x8fec00.
2019-12-03 05:02:43,131 [root] DEBUG: set_caller_info: Adding region at 0x008F0000 to caller regions list (ntdll::memcpy).
2019-12-03 05:02:43,131 [root] DEBUG: set_caller_info: Caller at 0x008FDA35 in tracked regions.
2019-12-03 05:02:43,147 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2019-12-03 05:02:43,163 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2019-12-03 05:02:43,163 [root] DEBUG: ProcessImageBase: EP 0x0004E559 image base 0x00400000 size 0x0 entropy 6.440428e+00.
2019-12-03 05:02:43,163 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00690000.
2019-12-03 05:02:43,163 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x008F0000.
2019-12-03 05:02:48,622 [root] DEBUG: DLL loaded at 0x74380000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32 (0x19e000 bytes).
2019-12-03 05:02:48,638 [root] DEBUG: DLL loaded at 0x74EB0000: C:\Windows\syswow64\CLBCatQ (0x83000 bytes).
2019-12-03 05:02:48,638 [root] DEBUG: DLL loaded at 0x74280000: C:\Windows\system32\propsys (0xf5000 bytes).
2019-12-03 05:02:48,638 [root] DEBUG: DLL loaded at 0x75A70000: C:\Windows\syswow64\SETUPAPI (0x19d000 bytes).
2019-12-03 05:02:48,638 [root] DEBUG: DLL loaded at 0x75A10000: C:\Windows\syswow64\CFGMGR32 (0x27000 bytes).
2019-12-03 05:02:48,654 [root] DEBUG: DLL loaded at 0x75D40000: C:\Windows\syswow64\DEVOBJ (0x12000 bytes).
2019-12-03 05:02:48,654 [root] DEBUG: DLL loaded at 0x749D0000: C:\Windows\system32\ntmarta (0x21000 bytes).
2019-12-03 05:02:48,684 [root] DEBUG: DLL loaded at 0x76EA0000: C:\Windows\syswow64\WLDAP32 (0x45000 bytes).
2019-12-03 05:02:48,684 [root] DEBUG: DLL unloaded from 0x75E70000.
2019-12-03 05:02:49,200 [root] INFO: Announced 64-bit process name: explorer.exe pid: 1632
2019-12-03 05:02:49,216 [lib.api.process] INFO: Option 'exclude-apis' with value 'RegOpenKeyExA' sent to monitor
2019-12-03 05:02:49,216 [lib.api.process] INFO: 64-bit DLL to inject is C:\qqjjr\dll\TisIwy.dll, loader C:\qqjjr\bin\WKXhIXcM.exe
2019-12-03 05:02:49,230 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\hqaHaEf.
2019-12-03 05:02:49,230 [root] DEBUG: Loader: Injecting process 1632 (thread 0) with C:\qqjjr\dll\TisIwy.dll.
2019-12-03 05:02:49,230 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed.
2019-12-03 05:02:49,262 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-12-03 05:02:49,278 [root] INFO: Disabling sleep skipping.
2019-12-03 05:02:49,309 [root] WARNING: Unable to place hook on LockResource
2019-12-03 05:02:49,325 [root] WARNING: Unable to hook LockResource
2019-12-03 05:02:49,371 [root] DEBUG: CAPE initialised: 64-bit base package loaded in process 1632 at 0x00000000741A0000, image base 0x00000000FF900000, stack from 0x0000000004552000-0x0000000004560000
2019-12-03 05:02:49,387 [root] DEBUG: Commandline: C:\Windows\explorer.exe.
2019-12-03 05:02:49,387 [root] INFO: Added new process to list with pid: 1632
2019-12-03 05:02:49,387 [root] INFO: Monitor successfully loaded in process with pid 1632.
2019-12-03 05:02:49,387 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2019-12-03 05:02:49,387 [root] DEBUG: InjectDll: Successfully injected DLL via thread.
2019-12-03 05:02:49,387 [root] DEBUG: Successfully injected DLL C:\qqjjr\dll\TisIwy.dll.
2019-12-03 05:02:49,434 [root] DEBUG: DLL unloaded from 0x74280000.
2019-12-03 05:02:49,450 [root] DEBUG: DLL loaded at 0x74930000: C:\Windows\system32\RpcRtRemote (0xe000 bytes).
2019-12-03 05:02:49,464 [root] DEBUG: DLL loaded at 0x74190000: C:\Windows\system32\mssprxy (0xc000 bytes).
2019-12-03 05:02:49,480 [root] DEBUG: DLL unloaded from 0x74190000.
2019-12-03 05:02:49,480 [root] DEBUG: DLL unloaded from 0x75E70000.
2019-12-03 05:02:49,480 [root] DEBUG: DLL unloaded from 0x75C10000.
2019-12-03 05:02:49,589 [root] INFO: Announced starting service "compontitle"
2019-12-03 05:02:49,589 [root] INFO: Attaching to Service Control Manager (services.exe - pid 460)
2019-12-03 05:02:52,585 [lib.api.process] INFO: Option 'exclude-apis' with value 'RegOpenKeyExA' sent to monitor
2019-12-03 05:02:52,585 [lib.api.process] INFO: 64-bit DLL to inject is C:\qqjjr\dll\TisIwy.dll, loader C:\qqjjr\bin\WKXhIXcM.exe
2019-12-03 05:02:52,615 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\hqaHaEf.
2019-12-03 05:02:52,615 [root] DEBUG: Loader: Injecting process 460 (thread 0) with C:\qqjjr\dll\TisIwy.dll.
2019-12-03 05:02:52,615 [root] DEBUG: InjectDll: No thread ID supplied. Initial thread ID 2256, handle 0x84
2019-12-03 05:02:52,615 [root] DEBUG: Process image base: 0x00000000FFA10000
2019-12-03 05:02:52,615 [root] DEBUG: InjectDllViaIAT: Not a new process, aborting IAT patch
2019-12-03 05:02:52,631 [root] DEBUG: InjectDll: IAT patching failed, falling back to thread injection.
2019-12-03 05:02:52,631 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-12-03 05:02:52,631 [root] INFO: Disabling sleep skipping.
2019-12-03 05:02:52,648 [root] WARNING: Unable to place hook on LockResource
2019-12-03 05:02:52,648 [root] WARNING: Unable to hook LockResource
2019-12-03 05:02:52,663 [root] DEBUG: CAPE initialised: 64-bit base package loaded in process 460 at 0x00000000741A0000, image base 0x00000000FFA10000, stack from 0x0000000002A06000-0x0000000002A10000
2019-12-03 05:02:52,694 [root] DEBUG: Commandline: C:\Windows\sysnative\services.exe.
2019-12-03 05:02:52,694 [root] INFO: Added new process to list with pid: 460
2019-12-03 05:02:52,694 [root] INFO: Monitor successfully loaded in process with pid 460.
2019-12-03 05:02:52,710 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2019-12-03 05:02:52,710 [root] DEBUG: InjectDll: Successfully injected DLL via thread.
2019-12-03 05:02:52,726 [root] DEBUG: Successfully injected DLL C:\qqjjr\dll\TisIwy.dll.
2019-12-03 05:02:53,755 [root] INFO: Announced 32-bit process name: compontitle.exe pid: 2036
2019-12-03 05:02:53,755 [lib.api.process] INFO: Option 'exclude-apis' with value 'RegOpenKeyExA' sent to monitor
2019-12-03 05:02:53,755 [lib.api.process] INFO: 32-bit DLL to inject is C:\qqjjr\dll\lVmtOR.dll, loader C:\qqjjr\bin\tvekCfe.exe
2019-12-03 05:02:53,755 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\hqaHaEf.
2019-12-03 05:02:53,770 [root] DEBUG: Loader: Injecting process 2036 (thread 2732) with C:\qqjjr\dll\lVmtOR.dll.
2019-12-03 05:02:53,770 [root] DEBUG: Process image base: 0x00400000
2019-12-03 05:02:53,770 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\qqjjr\dll\lVmtOR.dll.
2019-12-03 05:02:53,770 [root] DEBUG: InjectDllViaIAT: Found a free region from 0x004AC000 - 0x77110000
2019-12-03 05:02:53,770 [root] DEBUG: InjectDllViaIAT: Allocated 0x23c bytes for new import table at 0x004B0000.
2019-12-03 05:02:53,786 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2019-12-03 05:02:53,802 [root] DEBUG: Successfully injected DLL C:\qqjjr\dll\lVmtOR.dll.
2019-12-03 05:02:53,802 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2036
2019-12-03 05:02:53,818 [root] INFO: Announced 32-bit process name: compontitle.exe pid: 2036
2019-12-03 05:02:53,818 [lib.api.process] INFO: Option 'exclude-apis' with value 'RegOpenKeyExA' sent to monitor
2019-12-03 05:02:53,818 [lib.api.process] INFO: 32-bit DLL to inject is C:\qqjjr\dll\lVmtOR.dll, loader C:\qqjjr\bin\tvekCfe.exe
2019-12-03 05:02:53,832 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\hqaHaEf.
2019-12-03 05:02:53,864 [root] DEBUG: Loader: Injecting process 2036 (thread 2732) with C:\qqjjr\dll\lVmtOR.dll.
2019-12-03 05:02:53,864 [root] DEBUG: Process image base: 0x00400000
2019-12-03 05:02:53,864 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\qqjjr\dll\lVmtOR.dll.
2019-12-03 05:02:53,864 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2019-12-03 05:02:53,895 [root] DEBUG: Successfully injected DLL C:\qqjjr\dll\lVmtOR.dll.
2019-12-03 05:02:53,895 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2036
2019-12-03 05:02:53,927 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-12-03 05:02:53,957 [root] INFO: Disabling sleep skipping.
2019-12-03 05:02:53,973 [root] DEBUG: RestoreHeaders: Restored original import table.
2019-12-03 05:02:53,973 [root] DEBUG: WoW64 detected: 64-bit ntdll base: 0x77110000, KiUserExceptionDispatcher: 0x0, NtSetContextThread: 0x7716124a, Wow64PrepareForException: 0x0
2019-12-03 05:02:53,973 [root] DEBUG: WoW64 workaround: KiUserExceptionDispatcher hook installed at: 0x210000
2019-12-03 05:02:53,989 [root] DEBUG: Debugger initialised.
2019-12-03 05:02:53,989 [root] DEBUG: CAPE initialised: 32-bit Extraction package loaded in process 2036 at 0x747d0000, image base 0x400000, stack from 0x186000-0x190000
2019-12-03 05:02:53,989 [root] DEBUG: Commandline: C:\Windows\System32\"C:\Windows\SysWOW64\compontitle.exe".
2019-12-03 05:02:54,005 [root] DEBUG: AddTrackedRegion: GetTrackedRegion(0x00400000) returned 0x00000000.
2019-12-03 05:02:54,005 [root] DEBUG: AddTrackedRegion: Created new tracked region: TrackedRegion->AllocationBase 0x00000000.
2019-12-03 05:02:54,019 [root] DEBUG: AddTrackedRegion: VirtualQuery(0x00400000) -> AllocationBase 0x00400000 RegionSize 0x4096.
2019-12-03 05:02:54,019 [root] DEBUG: AddTrackedRegion: EntryPoint 0x4e559, Entropy 6.434354e+00
2019-12-03 05:02:54,019 [root] DEBUG: AddTrackedRegion: New region at 0x00400000 size 0x1000 added to tracked regions.
2019-12-03 05:02:54,052 [root] DEBUG: ExtractionInit: Adding main image base to tracked regions.
2019-12-03 05:02:54,052 [root] INFO: Added new process to list with pid: 2036
2019-12-03 05:02:54,052 [root] INFO: Monitor successfully loaded in process with pid 2036.
2019-12-03 05:02:54,052 [root] DEBUG: DLL loaded at 0x74C70000: C:\Windows\SysWOW64\CRYPTSP (0x16000 bytes).
2019-12-03 05:02:54,052 [root] DEBUG: DLL loaded at 0x74C30000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2019-12-03 05:02:54,052 [root] DEBUG: DLL loaded at 0x74940000: C:\Windows\SysWOW64\profapi (0xb000 bytes).
2019-12-03 05:03:04,660 [root] DEBUG: Allocation: 0x00630000 - 0x00641000, size: 0x11000, protection: 0x40.
2019-12-03 05:03:04,660 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2019-12-03 05:03:04,706 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2019-12-03 05:03:04,706 [root] DEBUG: ProcessImageBase: EP 0x0004E559 image base 0x00400000 size 0x0 entropy 6.440407e+00.
2019-12-03 05:03:04,753 [root] DEBUG: AllocationHandler: Adding allocation to tracked region list: 0x00630000, size: 0x11000.
2019-12-03 05:03:04,753 [root] DEBUG: AddTrackedRegion: GetTrackedRegion(0x00630000) returned 0x00000000.
2019-12-03 05:03:04,799 [root] DEBUG: AddTrackedRegion: Created new tracked region: TrackedRegion->AllocationBase 0x00000000.
2019-12-03 05:03:04,799 [root] DEBUG: AddTrackedRegion: VirtualQuery(0x00630000) -> AllocationBase 0x00630000 RegionSize 0x69632.
2019-12-03 05:03:04,799 [root] DEBUG: AddTrackedRegion: New region at 0x00630000 size 0x11000 added to tracked regions.
2019-12-03 05:03:04,799 [root] DEBUG: ActivateBreakpoints: TrackedRegion->AllocationBase: 0x00630000, TrackedRegion->RegionSize: 0x11000, thread 2732
2019-12-03 05:03:04,846 [root] DEBUG: SetDebugRegister: Setting breakpoint 0 hThread=0xcc, Size=0x2, Address=0x00630000 and Type=0x1.
2019-12-03 05:03:04,846 [root] DEBUG: SetThreadBreakpoint: Set bp 0 thread id 2732 type 1 at address 0x00630000, size 2 with Callback 0x747d7510.
2019-12-03 05:03:04,846 [root] DEBUG: ActivateBreakpoints: Set write breakpoint on empty protect address: 0x00630000
2019-12-03 05:03:04,846 [root] DEBUG: SetDebugRegister: Setting breakpoint 1 hThread=0xcc, Size=0x4, Address=0x0063003C and Type=0x1.
2019-12-03 05:03:04,894 [root] DEBUG: SetThreadBreakpoint: Set bp 1 thread id 2732 type 1 at address 0x0063003C, size 4 with Callback 0x747d71a0.
2019-12-03 05:03:04,894 [root] DEBUG: ActivateBreakpoints: Set write breakpoint on e_lfanew address: 0x0063003C
2019-12-03 05:03:04,894 [root] DEBUG: AllocationHandler: Breakpoints set on newly-allocated executable region at: 0x00630000 (size 0x11000).
2019-12-03 05:03:04,940 [root] DEBUG: DLL unloaded from 0x772F0000.
2019-12-03 05:03:04,940 [root] DEBUG: CAPEExceptionFilter: breakpoint hit by instruction at 0x76B59B60 (thread 2732)
2019-12-03 05:03:04,940 [root] DEBUG: BaseAddressWriteCallback: Breakpoint 0 at Address 0x00630000.
2019-12-03 05:03:04,940 [root] DEBUG: ContextSetDebugRegister: Setting breakpoint 2 within Context, Size=0x0, Address=0x00630000 and Type=0x0.
2019-12-03 05:03:04,940 [root] DEBUG: BaseAddressWriteCallback: byte written to 0x630000: 0xb2.
2019-12-03 05:03:04,940 [root] DEBUG: BaseAddressWriteCallback: Exec bp set on tracked region protect address.
2019-12-03 05:03:04,986 [root] DEBUG: CAPEExceptionFilter: breakpoint hit by instruction at 0x76B59B60 (thread 2732)
2019-12-03 05:03:05,033 [root] DEBUG: PEPointerWriteCallback: Breakpoint 1 at Address 0x0063003C.
2019-12-03 05:03:11,023 [root] DEBUG: PEPointerWriteCallback: candidate pointer to PE header too big: 0xc0ca0eeb (at 0x0063003C).
2019-12-03 05:03:11,039 [root] DEBUG: ContextSetNextAvailableBreakpoint: An identical breakpoint (2) at 0x00630000 already exists for thread 2732 (process 2036), skipping.
2019-12-03 05:03:11,039 [root] DEBUG: PEPointerWriteCallback: set write bp on AddressOfEntryPoint at 0x00630000.
2019-12-03 05:03:11,039 [root] DEBUG: CAPEExceptionFilter: breakpoint hit by instruction at 0x74C4CFBC (thread 2732)
2019-12-03 05:03:11,148 [root] DEBUG: BaseAddressWriteCallback: Breakpoint 0 at Address 0x00630000.
2019-12-03 05:03:11,196 [root] DEBUG: ContextSetNextAvailableBreakpoint: An identical breakpoint (2) at 0x00630000 already exists for thread 2732 (process 2036), skipping.
2019-12-03 05:03:11,243 [root] DEBUG: BaseAddressWriteCallback: byte written to 0x630000: 0xe8.
2019-12-03 05:03:11,243 [root] DEBUG: BaseAddressWriteCallback: Exec bp set on tracked region protect address.
2019-12-03 05:03:12,038 [root] DEBUG: CAPEExceptionFilter: breakpoint hit by instruction at 0x74C4CFBC (thread 2732)
2019-12-03 05:03:12,053 [root] DEBUG: PEPointerWriteCallback: Breakpoint 1 at Address 0x0063003C.
2019-12-03 05:03:12,069 [root] DEBUG: PEPointerWriteCallback: candidate pointer to PE header too big: 0xf6335756 (at 0x0063003C).
2019-12-03 05:03:12,101 [root] DEBUG: ContextSetNextAvailableBreakpoint: An identical breakpoint (2) at 0x00630000 already exists for thread 2732 (process 2036), skipping.
2019-12-03 05:03:13,052 [root] DEBUG: PEPointerWriteCallback: set write bp on AddressOfEntryPoint at 0x00630000.
2019-12-03 05:03:13,084 [root] DEBUG: CAPEExceptionFilter: breakpoint hit by instruction at 0x00630000 (thread 2732)
2019-12-03 05:03:14,082 [root] DEBUG: ShellcodeExecCallback: Breakpoint 2 at Address 0x00630000 (allocation base 0x00630000).
2019-12-03 05:03:14,128 [root] DEBUG: ShellcodeExecCallback: Debug: About to scan region for a PE image (base 0x00630000, size 0x11000).
2019-12-03 05:03:14,221 [root] DEBUG: DumpPEsInRange: Scanning range 0x630000 - 0x641000.
2019-12-03 05:03:14,237 [root] DEBUG: ScanForDisguisedPE: PE image located at: 0x63053f
2019-12-03 05:03:14,237 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump 'raw' PE image.
2019-12-03 05:03:14,285 [root] DEBUG: DumpPE: Instantiating PeParser with address: 0x0063053F.
2019-12-03 05:03:16,141 [root] INFO: Added new CAPE file to list with path: C:\dypUtWA\CAPE\2036_9528902081431032122019
2019-12-03 05:03:16,157 [root] DEBUG: DumpPE: PE file in memory dumped successfully - dump size 0x10400.
2019-12-03 05:03:16,157 [root] DEBUG: DLL unloaded from 0x751B0000.
2019-12-03 05:03:16,157 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x63073f-0x641000.
2019-12-03 05:03:16,157 [root] DEBUG: ShellcodeExecCallback: PE image(s) detected and dumped.
2019-12-03 05:03:16,157 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x630000 - 0x641000.
2019-12-03 05:03:16,157 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoint 0 address 0x00630000.
2019-12-03 05:03:16,157 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoint 1 address 0x0063003C.
2019-12-03 05:03:17,108 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoint 2 address 0x00630000.
2019-12-03 05:03:17,154 [root] DEBUG: set_caller_info: Adding region at 0x00630000 to caller regions list (ntdll::NtAllocateVirtualMemory).
2019-12-03 05:03:19,135 [root] DEBUG: set_caller_info: Caller at 0x00630115 in tracked regions.
2019-12-03 05:03:19,151 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2019-12-03 05:03:19,151 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2019-12-03 05:03:19,183 [root] DEBUG: ProcessImageBase: EP 0x0004E559 image base 0x00400000 size 0x0 entropy 6.440407e+00.
2019-12-03 05:03:19,183 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00630000.
2019-12-03 05:03:19,183 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2019-12-03 05:03:19,183 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2019-12-03 05:03:19,213 [root] DEBUG: ProcessImageBase: EP 0x0004E559 image base 0x00400000 size 0x0 entropy 6.440407e+00.
2019-12-03 05:03:19,213 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00630000.
2019-12-03 05:03:19,213 [root] DEBUG: ProtectionHandler: Adding region at 0x022B1000 to tracked regions.
2019-12-03 05:03:19,213 [root] DEBUG: AddTrackedRegion: GetTrackedRegion(0x022B1000) returned 0x00000000.
2019-12-03 05:03:19,213 [root] DEBUG: AddTrackedRegion: Created new tracked region: TrackedRegion->AllocationBase 0x00000000.
2019-12-03 05:03:19,213 [root] DEBUG: AddTrackedRegion: VirtualQuery(0x022B1000) -> AllocationBase 0x022B0000 RegionSize 0x57344.
2019-12-03 05:03:19,213 [root] DEBUG: AddTrackedRegion: EntryPoint 0xda0a, Entropy 5.412764e+00
2019-12-03 05:03:19,213 [root] DEBUG: AddTrackedRegion: New region at 0x022B0000 size 0xe000 added to tracked regions.
2019-12-03 05:03:19,213 [root] DEBUG: ProtectionHandler: Address: 0x022B1000 (alloc base 0x022B0000), NumberOfBytesToProtect: 0xdc00, NewAccessProtection: 0x20
2019-12-03 05:03:19,230 [root] DEBUG: ProtectionHandler: Increased region size at 0x022B1000 to 0xec00.
2019-12-03 05:03:19,230 [root] DEBUG: ProtectionHandler: New code detected at (0x022B0000), scanning for PE images.
2019-12-03 05:03:19,230 [root] DEBUG: DumpPEsInRange: Scanning range 0x22b0000 - 0x22bec00.
2019-12-03 05:03:19,260 [root] DEBUG: ScanForDisguisedPE: PE image located at: 0x22b0000
2019-12-03 05:03:22,177 [root] DEBUG: DumpImageInCurrentProcess: Disguised PE image (bad MZ and/or PE headers) at 0x022B0000
2019-12-03 05:03:22,177 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump virtual PE image.
2019-12-03 05:03:23,971 [root] INFO: Notified of termination of process with pid 2036.
2019-12-03 05:03:23,971 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x022B0000.
2019-12-03 05:03:23,971 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2756).
2019-12-03 05:03:23,971 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2019-12-03 05:03:23,971 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2019-12-03 05:03:23,971 [root] DEBUG: ProcessImageBase: EP 0x0004E559 image base 0x00400000 size 0x0 entropy 6.440428e+00.
2019-12-03 05:03:23,971 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00690000.
2019-12-03 05:03:23,971 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x008F0000.
2019-12-03 05:03:23,971 [root] DEBUG: DLL unloaded from 0x74280000.
2019-12-03 05:03:23,971 [root] DEBUG: DLL unloaded from 0x75140000.
2019-12-03 05:03:23,987 [root] DEBUG: DLL unloaded from 0x749D0000.
2019-12-03 05:03:23,987 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2756).
2019-12-03 05:03:23,987 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2019-12-03 05:03:23,987 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2019-12-03 05:03:23,987 [root] DEBUG: ProcessImageBase: EP 0x0004E559 image base 0x00400000 size 0x0 entropy 6.440420e+00.
2019-12-03 05:03:23,987 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00690000.
2019-12-03 05:03:23,987 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x008F0000.
2019-12-03 05:03:23,987 [root] INFO: Notified of termination of process with pid 2756.
2019-12-03 05:05:51,236 [root] INFO: Analysis timeout hit (200 seconds), terminating analysis.
2019-12-03 05:05:51,236 [root] INFO: Created shutdown mutex.
2019-12-03 05:05:52,250 [lib.api.process] INFO: Terminate event set for process 1632
2019-12-03 05:05:52,250 [lib.api.process] INFO: Termination confirmed for process 1632
2019-12-03 05:05:52,250 [root] INFO: Terminate event set for process 1632.
2019-12-03 05:05:52,250 [root] INFO: Terminating process 1632 before shutdown.
2019-12-03 05:05:52,250 [root] INFO: Waiting for process 1632 to exit.
2019-12-03 05:05:53,265 [root] INFO: Waiting for process 1632 to exit.
2019-12-03 05:05:54,279 [root] INFO: Waiting for process 1632 to exit.
2019-12-03 05:05:55,292 [root] INFO: Waiting for process 1632 to exit.
2019-12-03 05:05:56,306 [lib.api.process] INFO: Successfully terminated process with pid 1632.
2019-12-03 05:05:56,306 [root] INFO: Waiting for process 1632 to exit.
2019-12-03 05:05:57,321 [root] INFO: Shutting down package.
2019-12-03 05:05:57,321 [root] INFO: Stopping auxiliary modules.
2019-12-03 05:05:57,321 [root] INFO: Finishing auxiliary modules.
2019-12-03 05:05:57,321 [root] INFO: Shutting down pipe server and dumping dropped files.
2019-12-03 05:05:57,321 [root] WARNING: File at path "C:\dypUtWA\debugger" does not exist, skip.
2019-12-03 05:05:57,321 [root] INFO: Analysis completed.

MalScore

10.0

Emotet

Machine

Name target-01
Label target-01
Manager ESX
Started On 2019-12-03 05:02:27
Shutdown On 2019-12-03 05:06:12

File Details

File Name d428282b40690f28f8703be3373459939916f7a9
File Size 688163 bytes
File Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 b015fcd9c1492a52b7751538edf5e335
SHA1 52103208de0b78652d2ea9df52e2612f489df699
SHA256 2fb5dc0763e93fd349aaf8bb53b444b8ef51b6011b872f535994a294eae599a7
SHA512 c8f05482f5be15acf27438cd0022246966679905ddc4e5997a62b16249071f5239cc5e9340ff4b8b82a0508faede29dd233c0a2e096f200f4db0357d97ab25c7
CRC32 375A8AED
Ssdeep 12288:mUILKCNARjwrJ8//CIrqs8hlbfytwX2CN:wS5qJ8/JrqsMutwX2
TrID
  • 41.0% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
  • 36.3% (.EXE) Win64 Executable (generic) (27625/18/4)
  • 8.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 5.9% (.EXE) Win32 Executable (generic) (4508/7/1)
  • 2.6% (.EXE) OS/2 Executable (generic) (2029/13)
ClamAV None matched
Yara None matched
CAPE Yara None matched

Signatures

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction
Yara rule detections observed from a process memory dump/dropped files/CAPE
Hit: PID 1308 trigged the Yara rule 'Emotet'
Dynamic (imported) function loading detected
DynamicLoader: IMM32.DLL/ImmCreateContext
DynamicLoader: IMM32.DLL/ImmDestroyContext
DynamicLoader: IMM32.DLL/ImmNotifyIME
DynamicLoader: IMM32.DLL/ImmAssociateContext
DynamicLoader: IMM32.DLL/ImmReleaseContext
DynamicLoader: IMM32.DLL/ImmGetContext
DynamicLoader: IMM32.DLL/ImmGetCompositionStringA
DynamicLoader: IMM32.DLL/ImmSetCompositionStringA
DynamicLoader: IMM32.DLL/ImmGetCompositionStringW
DynamicLoader: IMM32.DLL/ImmSetCompositionStringW
DynamicLoader: IMM32.DLL/ImmSetCandidateWindow
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: WINSPOOL.DRV/SetDefaultPrinterW
DynamicLoader: WINSPOOL.DRV/GetDefaultPrinterW
DynamicLoader: WINSPOOL.DRV/GetPrinterDriverPackagePathW
DynamicLoader: WINSPOOL.DRV/CorePrinterDriverInstalledW
DynamicLoader: WINSPOOL.DRV/GetCorePrinterDriversW
DynamicLoader: WINSPOOL.DRV/UploadPrinterDriverPackageW
DynamicLoader: WINSPOOL.DRV/InstallPrinterDriverFromPackageW
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: WINSPOOL.DRV/AddPrinterConnection2W
DynamicLoader: WINSPOOL.DRV/OpenPrinter2W
DynamicLoader: WINSPOOL.DRV/DeletePrinterKeyW
DynamicLoader: WINSPOOL.DRV/DeletePrinterDataExW
DynamicLoader: WINSPOOL.DRV/EnumPrinterKeyW
DynamicLoader: WINSPOOL.DRV/EnumPrinterDataExW
DynamicLoader: WINSPOOL.DRV/GetPrinterDataExW
DynamicLoader: WINSPOOL.DRV/SetPrinterDataExW
DynamicLoader: WINSPOOL.DRV/DeletePrinterDataW
DynamicLoader: WINSPOOL.DRV/EnumPrinterDataW
DynamicLoader: WINSPOOL.DRV/SpoolerPrinterEvent
DynamicLoader: WINSPOOL.DRV/SetPortW
DynamicLoader: WINSPOOL.DRV/DocumentPropertySheets
DynamicLoader: WINSPOOL.DRV/DevicePropertySheets
DynamicLoader: WINSPOOL.DRV/IsValidDevmodeW
DynamicLoader: WINSPOOL.DRV/IsValidDevmodeA
DynamicLoader: WINSPOOL.DRV/AddPortExW
DynamicLoader: WINSPOOL.DRV/DeletePrintProvidorW
DynamicLoader: WINSPOOL.DRV/AddPrintProvidorW
DynamicLoader: WINSPOOL.DRV/DeletePrintProcessorW
DynamicLoader: WINSPOOL.DRV/DeleteMonitorW
DynamicLoader: WINSPOOL.DRV/AddMonitorW
DynamicLoader: WINSPOOL.DRV/StartDocDlgW
DynamicLoader: WINSPOOL.DRV/AdvancedDocumentPropertiesW
DynamicLoader: WINSPOOL.DRV/AdvancedDocumentPropertiesA
DynamicLoader: WINSPOOL.DRV/DocumentPropertiesW
DynamicLoader: WINSPOOL.DRV/DeviceCapabilitiesW
DynamicLoader: WINSPOOL.DRV/DeletePrinterIC
DynamicLoader: WINSPOOL.DRV/PlayGdiScriptOnPrinterIC
DynamicLoader: WINSPOOL.DRV/CreatePrinterIC
DynamicLoader: WINSPOOL.DRV/SetJobW
DynamicLoader: WINSPOOL.DRV/GetJobW
DynamicLoader: WINSPOOL.DRV/EnumJobsW
DynamicLoader: WINSPOOL.DRV/AddPrinterW
DynamicLoader: WINSPOOL.DRV/SetPrinterW
DynamicLoader: WINSPOOL.DRV/GetPrinterDriverW
DynamicLoader: WINSPOOL.DRV/GetPrinterDriverDirectoryW
DynamicLoader: WINSPOOL.DRV/EnumPrintersW
DynamicLoader: WINSPOOL.DRV/AddPrinterConnectionW
DynamicLoader: WINSPOOL.DRV/DeletePrinterConnectionW
DynamicLoader: WINSPOOL.DRV/AddPrinterDriverExW
DynamicLoader: WINSPOOL.DRV/AddPrinterDriverExA
DynamicLoader: WINSPOOL.DRV/EnumPrinterDriversW
DynamicLoader: WINSPOOL.DRV/DeletePrinterDriverW
DynamicLoader: WINSPOOL.DRV/DeletePrinterDriverExW
DynamicLoader: WINSPOOL.DRV/AddPrintProcessorW
DynamicLoader: WINSPOOL.DRV/EnumPrintProcessorsW
DynamicLoader: WINSPOOL.DRV/GetPrintProcessorDirectoryW
DynamicLoader: WINSPOOL.DRV/EnumPrintProcessorDatatypesW
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: WINSPOOL.DRV/SplDriverUnloadComplete
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: WINSPOOL.DRV/OpenPrinterW
DynamicLoader: WINSPOOL.DRV/OpenPrinterA
DynamicLoader: WINSPOOL.DRV/ResetPrinterW
DynamicLoader: WINSPOOL.DRV/StartDocPrinterW
DynamicLoader: WINSPOOL.DRV/FlushPrinter
DynamicLoader: WINSPOOL.DRV/GetPrinterDataW
DynamicLoader: WINSPOOL.DRV/SetPrinterDataW
DynamicLoader: WINSPOOL.DRV/AddJobW
DynamicLoader: WINSPOOL.DRV/ScheduleJob
DynamicLoader: WINSPOOL.DRV/WaitForPrinterChange
DynamicLoader: WINSPOOL.DRV/FindNextPrinterChangeNotification
DynamicLoader: WINSPOOL.DRV/PrinterMessageBoxW
DynamicLoader: WINSPOOL.DRV/ClosePrinter
DynamicLoader: WINSPOOL.DRV/AddFormW
DynamicLoader: WINSPOOL.DRV/DeleteFormW
DynamicLoader: WINSPOOL.DRV/GetFormW
DynamicLoader: WINSPOOL.DRV/SetFormW
DynamicLoader: WINSPOOL.DRV/EnumFormsW
DynamicLoader: WINSPOOL.DRV/EnumPortsW
DynamicLoader: WINSPOOL.DRV/EnumMonitorsW
DynamicLoader: WINSPOOL.DRV/AddPortW
DynamicLoader: WINSPOOL.DRV/ConfigurePortW
DynamicLoader: WINSPOOL.DRV/DeletePortW
DynamicLoader: WINSPOOL.DRV/GetPrinterW
DynamicLoader: WINSPOOL.DRV/DeletePrinterDriverPackageW
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: kernel32.dll/FlsAlloc
DynamicLoader: kernel32.dll/FlsGetValue
DynamicLoader: kernel32.dll/FlsSetValue
DynamicLoader: kernel32.dll/FlsFree
DynamicLoader: kernel32.dll/InitializeCriticalSectionAndSpinCount
DynamicLoader: kernel32.dll/IsProcessorFeaturePresent
DynamicLoader: kernel32.dll/CreateActCtxW
DynamicLoader: kernel32.dll/ReleaseActCtx
DynamicLoader: kernel32.dll/ActivateActCtx
DynamicLoader: kernel32.dll/DeactivateActCtx
DynamicLoader: USER32.dll/NotifyWinEvent
DynamicLoader: CRYPTSP.dll/CryptAcquireContextA
DynamicLoader: CRYPT32.dll/CryptStringToBinaryA
DynamicLoader: CRYPT32.dll/CryptStringToBinaryA
DynamicLoader: CRYPTSP.dll/CryptCreateHash
DynamicLoader: CRYPTSP.dll/CryptHashData
DynamicLoader: CRYPTSP.dll/CryptDeriveKey
DynamicLoader: CRYPTSP.dll/CryptEncrypt
DynamicLoader: kernel32.dll/IsProcessorFeaturePresent
DynamicLoader: kernel32.dll/FlsAlloc
DynamicLoader: kernel32.dll/FlsGetValue
DynamicLoader: kernel32.dll/FlsSetValue
DynamicLoader: kernel32.dll/FlsFree
DynamicLoader: KERNELBASE.dll/InitializeCriticalSectionAndSpinCount
DynamicLoader: kernel32.dll/ProcessIdToSessionId
DynamicLoader: IMM32.DLL/ImmCreateContext
DynamicLoader: IMM32.DLL/ImmDestroyContext
DynamicLoader: IMM32.DLL/ImmNotifyIME
DynamicLoader: IMM32.DLL/ImmAssociateContext
DynamicLoader: IMM32.DLL/ImmReleaseContext
DynamicLoader: IMM32.DLL/ImmGetContext
DynamicLoader: IMM32.DLL/ImmGetCompositionStringA
DynamicLoader: IMM32.DLL/ImmSetCompositionStringA
DynamicLoader: IMM32.DLL/ImmGetCompositionStringW
DynamicLoader: IMM32.DLL/ImmSetCompositionStringW
DynamicLoader: IMM32.DLL/ImmSetCandidateWindow
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: WINSPOOL.DRV/SetDefaultPrinterW
DynamicLoader: WINSPOOL.DRV/GetDefaultPrinterW
DynamicLoader: WINSPOOL.DRV/GetPrinterDriverPackagePathW
DynamicLoader: WINSPOOL.DRV/CorePrinterDriverInstalledW
DynamicLoader: WINSPOOL.DRV/GetCorePrinterDriversW
DynamicLoader: WINSPOOL.DRV/UploadPrinterDriverPackageW
DynamicLoader: WINSPOOL.DRV/InstallPrinterDriverFromPackageW
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: WINSPOOL.DRV/AddPrinterConnection2W
DynamicLoader: WINSPOOL.DRV/OpenPrinter2W
DynamicLoader: WINSPOOL.DRV/DeletePrinterKeyW
DynamicLoader: WINSPOOL.DRV/DeletePrinterDataExW
DynamicLoader: WINSPOOL.DRV/EnumPrinterKeyW
DynamicLoader: WINSPOOL.DRV/EnumPrinterDataExW
DynamicLoader: WINSPOOL.DRV/GetPrinterDataExW
DynamicLoader: WINSPOOL.DRV/SetPrinterDataExW
DynamicLoader: WINSPOOL.DRV/DeletePrinterDataW
DynamicLoader: WINSPOOL.DRV/EnumPrinterDataW
DynamicLoader: WINSPOOL.DRV/SpoolerPrinterEvent
DynamicLoader: WINSPOOL.DRV/SetPortW
DynamicLoader: WINSPOOL.DRV/DocumentPropertySheets
DynamicLoader: WINSPOOL.DRV/DevicePropertySheets
DynamicLoader: WINSPOOL.DRV/IsValidDevmodeW
DynamicLoader: WINSPOOL.DRV/IsValidDevmodeA
DynamicLoader: WINSPOOL.DRV/AddPortExW
DynamicLoader: WINSPOOL.DRV/DeletePrintProvidorW
DynamicLoader: WINSPOOL.DRV/AddPrintProvidorW
DynamicLoader: WINSPOOL.DRV/DeletePrintProcessorW
DynamicLoader: WINSPOOL.DRV/DeleteMonitorW
DynamicLoader: WINSPOOL.DRV/AddMonitorW
DynamicLoader: WINSPOOL.DRV/StartDocDlgW
DynamicLoader: WINSPOOL.DRV/AdvancedDocumentPropertiesW
DynamicLoader: WINSPOOL.DRV/AdvancedDocumentPropertiesA
CAPE extracted potentially suspicious content
0s2pq1fZJ58j5H.exe: Emotet Payload: 32-bit executable
0s2pq1fZJ58j5H.exe: [{u'strings': [u'{ 33 C0 21 05 0C 3C 41 00 A3 08 3C 41 00 39 05 60 03 41 00 74 18 40 A3 08 3C 41 00 83 3C C5 60 03 41 00 00 75 F0 51 E8 6B BF FF FF 59 C3 }', u'{ 6A 13 68 01 00 01 00 FF 15 D8 1B 41 00 85 C0 }'], u'meta': {u'cape_type': u'Emotet Payload', u'description': u'Emotet Payload', u'author': u'kevoreilly'}, u'addresses': {u'snippet6': 21606L, u'snippet2': 5037L}, u'name': u'Emotet'}]
0s2pq1fZJ58j5H.exe: Emotet Payload
0s2pq1fZJ58j5H.exe: [{u'strings': [u'{ 33 C0 21 05 0C 3C 41 00 A3 08 3C 41 00 39 05 60 03 41 00 74 18 40 A3 08 3C 41 00 83 3C C5 60 03 41 00 00 75 F0 51 E8 6B BF FF FF 59 C3 }', u'{ 6A 13 68 01 00 01 00 FF 15 D8 1B 41 00 85 C0 }'], u'meta': {u'cape_type': u'Emotet Payload', u'description': u'Emotet Payload', u'author': u'kevoreilly'}, u'addresses': {u'snippet6': 21606L, u'snippet2': 5037L}, u'name': u'Emotet'}]
Deletes its original binary from disk
Attempts to remove evidence of file being downloaded from the Internet
file: C:\Windows\SysWOW64\compontitle.exe:Zone.Identifier
Attempts to repeatedly call a single API many times in order to delay analysis time
Spam: 0s2pq1fZJ58j5H.exe (2756) called API SendMessageA 491777 times
Spam: 0s2pq1fZJ58j5H.exe (1308) called API SendMessageA 490293 times
Spam: compontitle.exe (2036) called API SendMessageA 469197 times
Installs itself for autorun at Windows startup
service name: compontitle
service path: "C:\Windows\SysWOW64\compontitle.exe"
CAPE detected the Emotet malware family
Creates a copy of itself
copy: C:\Windows\SysWOW64\compontitle.exe
Drops a binary and executes it
binary: C:\Windows\SysWOW64\compontitle.exe
Anomalous binary characteristics
anomaly: Actual checksum does not match that reported in PE header

Hosts

No hosts contacted.

DNS

No domains contacted.


Summary

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\SeparateProcess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetCrawling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSimpleStartMenu
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowCompColor
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\DontPrettyPath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowInfoTip
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MapNetDrvBtn
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\WebView
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Filter
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SeparateProcess
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\NoNetCrawling
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AutoCheckSelect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\IconsOnly
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowTypeOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\AllowFileCLSIDJunctions
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers\.exe\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{66742402-F9B9-11D1-A202-0000F81FEDEE}\DisableProcessIsolation
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{66742402-F9B9-11D1-A202-0000F81FEDEE}\NoOplock
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{66742402-F9B9-11D1-A202-0000F81FEDEE}\UseInProcHandlerCache
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{66742402-F9B9-11D1-A202-0000F81FEDEE}\UseOutOfProcHandlerCache
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\NeverShowExt
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MaxUndoItems
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Advanced\MaxUndoItems
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceCopyACLWithFile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoEncryptOnMove
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\compontitle\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\compontitle\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\compontitle\WOW64
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Public
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramW6432Dir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonW6432Dir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18\ProfileImagePath
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\compontitle\Environment
HKEY_USERS\.DEFAULT\Control Panel\Desktop\SmoothScroll
kernel32.dll.FlsAlloc
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.FlsFree
kernelbase.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.ProcessIdToSessionId
imm32.dll.ImmCreateContext
imm32.dll.ImmDestroyContext
imm32.dll.ImmNotifyIME
imm32.dll.ImmAssociateContext
imm32.dll.ImmReleaseContext
imm32.dll.ImmGetContext
imm32.dll.ImmGetCompositionStringA
imm32.dll.ImmSetCompositionStringA
imm32.dll.ImmGetCompositionStringW
imm32.dll.ImmSetCompositionStringW
imm32.dll.ImmSetCandidateWindow
winspool.drv.#218
winspool.drv.#217
winspool.drv.SetDefaultPrinterW
winspool.drv.GetDefaultPrinterW
winspool.drv.GetPrinterDriverPackagePathW
winspool.drv.CorePrinterDriverInstalledW
winspool.drv.GetCorePrinterDriversW
winspool.drv.UploadPrinterDriverPackageW
winspool.drv.InstallPrinterDriverFromPackageW
winspool.drv.#251
winspool.drv.AddPrinterConnection2W
winspool.drv.OpenPrinter2W
winspool.drv.DeletePrinterKeyW
winspool.drv.DeletePrinterDataExW
winspool.drv.EnumPrinterKeyW
winspool.drv.EnumPrinterDataExW
winspool.drv.GetPrinterDataExW
winspool.drv.SetPrinterDataExW
winspool.drv.DeletePrinterDataW
winspool.drv.EnumPrinterDataW
winspool.drv.SpoolerPrinterEvent
winspool.drv.SetPortW
winspool.drv.DocumentPropertySheets
winspool.drv.DevicePropertySheets
winspool.drv.IsValidDevmodeW
winspool.drv.IsValidDevmodeA
winspool.drv.AddPortExW
winspool.drv.DeletePrintProvidorW
winspool.drv.AddPrintProvidorW
winspool.drv.DeletePrintProcessorW
winspool.drv.DeleteMonitorW
winspool.drv.AddMonitorW
winspool.drv.StartDocDlgW
winspool.drv.AdvancedDocumentPropertiesW
winspool.drv.AdvancedDocumentPropertiesA
winspool.drv.DocumentPropertiesW
winspool.drv.DeviceCapabilitiesW
winspool.drv.DeletePrinterIC
winspool.drv.PlayGdiScriptOnPrinterIC
winspool.drv.CreatePrinterIC
winspool.drv.SetJobW
winspool.drv.GetJobW
winspool.drv.EnumJobsW
winspool.drv.AddPrinterW
winspool.drv.SetPrinterW
winspool.drv.GetPrinterDriverW
winspool.drv.GetPrinterDriverDirectoryW
winspool.drv.EnumPrintersW
winspool.drv.AddPrinterConnectionW
winspool.drv.DeletePrinterConnectionW
winspool.drv.AddPrinterDriverExW
winspool.drv.AddPrinterDriverExA
winspool.drv.EnumPrinterDriversW
winspool.drv.DeletePrinterDriverW
winspool.drv.DeletePrinterDriverExW
winspool.drv.AddPrintProcessorW
winspool.drv.EnumPrintProcessorsW
winspool.drv.GetPrintProcessorDirectoryW
winspool.drv.EnumPrintProcessorDatatypesW
winspool.drv.#207
winspool.drv.#209
winspool.drv.#211
winspool.drv.#212
winspool.drv.SplDriverUnloadComplete
winspool.drv.#213
winspool.drv.#214
winspool.drv.OpenPrinterW
winspool.drv.OpenPrinterA
winspool.drv.ResetPrinterW
winspool.drv.StartDocPrinterW
winspool.drv.FlushPrinter
winspool.drv.GetPrinterDataW
winspool.drv.SetPrinterDataW
winspool.drv.AddJobW
winspool.drv.ScheduleJob
winspool.drv.WaitForPrinterChange
winspool.drv.FindNextPrinterChangeNotification
winspool.drv.PrinterMessageBoxW
winspool.drv.ClosePrinter
winspool.drv.AddFormW
winspool.drv.DeleteFormW
winspool.drv.GetFormW
winspool.drv.SetFormW
winspool.drv.EnumFormsW
winspool.drv.EnumPortsW
winspool.drv.EnumMonitorsW
winspool.drv.AddPortW
winspool.drv.ConfigurePortW
winspool.drv.DeletePortW
winspool.drv.GetPrinterW
winspool.drv.DeletePrinterDriverPackageW
winspool.drv.#234
kernel32.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.IsProcessorFeaturePresent
kernel32.dll.CreateActCtxW
kernel32.dll.ReleaseActCtx
kernel32.dll.ActivateActCtx
kernel32.dll.DeactivateActCtx
user32.dll.NotifyWinEvent
cryptsp.dll.CryptAcquireContextA
crypt32.dll.CryptStringToBinaryA
cryptsp.dll.CryptCreateHash
cryptsp.dll.CryptHashData
cryptsp.dll.CryptDeriveKey
cryptsp.dll.CryptEncrypt
oleaut32.dll.#200
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
comctl32.dll.#385
comctl32.dll.#320
comctl32.dll.#324
comctl32.dll.#323
ole32.dll.CreateBindCtx
ole32.dll.CoTaskMemAlloc
ole32.dll.CoGetApartmentType
ole32.dll.CoRegisterInitializeSpy
ole32.dll.CoTaskMemFree
comctl32.dll.#236
oleaut32.dll.#6
ole32.dll.CoGetMalloc
comctl32.dll.#328
comctl32.dll.#334
oleaut32.dll.#2
ole32.dll.CoCreateInstance
advapi32.dll.InitializeSecurityDescriptor
setupapi.dll.CM_Get_Device_Interface_List_Size_ExW
advapi32.dll.SetEntriesInAclW
ntmarta.dll.GetMartaExtensionInterface
advapi32.dll.SetSecurityDescriptorDacl
setupapi.dll.CM_Get_Device_Interface_List_ExW
advapi32.dll.IsTextUnicode
comctl32.dll.#332
comctl32.dll.#338
comctl32.dll.#339
comctl32.dll.#386
shell32.dll.#102
advapi32.dll.OpenThreadToken
propsys.dll.PSLookupPropertyHandlerCLSID
advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryValueExW
advapi32.dll.RegCloseKey
propsys.dll.PSCreatePropertyStoreFromObject
propsys.dll.#417
propsys.dll.PropVariantToStringAlloc
ole32.dll.PropVariantClear
propsys.dll.PSCreateMemoryPropertyStore
propsys.dll.PropVariantToBuffer
propsys.dll.PropVariantToUInt64
propsys.dll.PropVariantToBoolean
propsys.dll.InitPropVariantFromBuffer
advapi32.dll.GetNamedSecurityInfoW
advapi32.dll.TreeSetNamedSecurityInfoW
ole32.dll.CoUninitialize
comctl32.dll.#329
comctl32.dll.#388
comctl32.dll.#321
ole32.dll.CoRevokeInitializeSpy
oleaut32.dll.#500
comctl32.dll.#387
comctl32.dll.#327
advapi32.dll.UnregisterTraceGuids
cryptsp.dll.CryptReleaseContext
--f53fe057
C:\Users\user\AppData\Local\Temp\0s2pq1fZJ58j5H.exe --f53fe057
"C:\Windows\SysWOW64\compontitle.exe"
Global\IA4889F95
Global\MA4889F95
compontitle
compontitle

PE Information

Image Base 0x00400000
Entry Point 0x0044e559
Reported Checksum 0x000b668a
Actual Checksum 0x000b66ad
Minimum OS Version 4.0
Compile Time 2019-11-29 20:33:54
Import Hash e6485047c948980e4aff0cef8e4ac571

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Characteristics                                                        Entropy
.text   0x00001000       0x0006647d    0x00067000        IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ            6.56
.rdata  0x00068000       0x00032ea4    0x00033000        IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                      5.94
.data   0x0009b000       0x0000733c    0x00004000        IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE  4.09
.rsrc   0x000a3000       0x00008ba8    0x00009000        IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                      4.86

Overlay

Offset 0x000a8000
Size 0x00000023

Imports

Library CRYPT32.dll:
Library KERNEL32.dll:
0x46819c TerminateProcess
0x4681a8 IsDebuggerPresent
0x4681ac VirtualFree
0x4681b0 HeapDestroy
0x4681b4 HeapCreate
0x4681b8 GetStdHandle
0x4681bc GetACP
0x4681c0 LCMapStringA
0x4681c4 LCMapStringW
0x4681c8 Sleep
0x4681cc GetStringTypeA
0x4681d0 GetStringTypeW
0x4681e4 SetHandleCount
0x4681e8 GetFileType
0x4681f8 GetConsoleCP
0x4681fc GetConsoleMode
0x468200 SetStdHandle
0x468204 WriteConsoleA
0x468208 GetConsoleOutputCP
0x46820c WriteConsoleW
0x468214 HeapSize
0x468218 FindResourceA
0x46821c SizeofResource
0x468220 LockResource
0x468224 LoadResource
0x468228 WideCharToMultiByte
0x46822c GetProcAddress
0x468230 LoadLibraryW
0x468234 GetVersion
0x468238 InterlockedExchange
0x46823c MultiByteToWideChar
0x468240 CompareStringW
0x468244 CompareStringA
0x468248 lstrlenW
0x46824c GetStringTypeExA
0x468250 lstrcmpiA
0x468254 lstrlenA
0x468258 GetLastError
0x46825c LoadLibraryA
0x468260 SetLastError
0x468270 GlobalAddAtomA
0x468274 GlobalGetAtomNameA
0x468278 GetModuleHandleA
0x46827c GetCurrentProcessId
0x468280 GlobalUnlock
0x468284 GlobalLock
0x468288 GetVersionExA
0x46828c lstrcmpW
0x468290 FreeLibrary
0x468294 GlobalDeleteAtom
0x468298 GlobalFindAtomA
0x46829c GetCurrentThreadId
0x4682a0 FreeResource
0x4682a4 GetModuleFileNameW
0x4682a8 ExitProcess
0x4682ac GetStartupInfoA
0x4682b0 GetProcessHeap
0x4682b4 GetCommandLineA
0x4682b8 HeapReAlloc
0x4682bc HeapFree
0x4682c0 VirtualQuery
0x4682c4 GetSystemInfo
0x4682c8 VirtualAlloc
0x4682cc VirtualProtect
0x4682d0 RaiseException
0x4682d4 HeapAlloc
0x4682d8 RtlUnwind
0x4682dc SetErrorMode
0x4682f4 GetOEMCP
0x4682f8 GetCPInfo
0x4682fc TlsFree
0x468304 LocalReAlloc
0x468308 TlsSetValue
0x46830c TlsAlloc
0x468314 GlobalHandle
0x468318 GlobalReAlloc
0x468320 TlsGetValue
0x468328 LocalAlloc
0x46832c GlobalFlags
0x468330 CreateFileA
0x468334 GetShortPathNameA
0x46833c FindFirstFileA
0x468340 FindClose
0x468344 GetCurrentProcess
0x468348 DuplicateHandle
0x46834c GetThreadLocale
0x468350 GetFileSize
0x468354 SetEndOfFile
0x468358 UnlockFile
0x46835c LockFile
0x468360 FlushFileBuffers
0x468364 SetFilePointer
0x468368 WriteFile
0x46836c ReadFile
0x468370 DeleteFileA
0x468374 MoveFileA
0x468378 GetDiskFreeSpaceA
0x46837c GetFullPathNameA
0x468380 GetTempFileNameA
0x468384 GetFileTime
0x468388 SetFileTime
0x46838c GetFileAttributesA
0x468390 GetTickCount
0x468394 CloseHandle
0x468398 GetCurrentThread
0x4683a0 GetModuleFileNameA
0x4683a8 GetLocaleInfoA
0x4683ac lstrcmpA
0x4683b4 GlobalFree
0x4683b8 CopyFileA
0x4683bc GlobalSize
0x4683c0 GlobalAlloc
0x4683c4 FormatMessageA
0x4683c8 LocalFree
0x4683cc MulDiv
Library USER32.dll:
0x46843c CreateMenu
0x468440 WindowFromPoint
0x468444 DestroyIcon
0x468448 CharNextA
0x46844c InvalidateRgn
0x468450 GetNextDlgGroupItem
0x468454 PostThreadMessageA
0x468458 FindWindowA
0x46845c DrawIcon
0x468460 SetWindowRgn
0x468464 SetTimer
0x468468 KillTimer
0x46846c GetDCEx
0x468470 LockWindowUpdate
0x468474 TabbedTextOutA
0x468478 GetSystemMenu
0x46847c IsZoomed
0x468480 GetMenuItemInfoA
0x468484 InflateRect
0x468488 FillRect
0x46848c LoadCursorA
0x468490 DestroyCursor
0x468494 DeleteMenu
0x468498 SetParent
0x46849c ReleaseDC
0x4684a4 GetNextDlgTabItem
0x4684a8 EndDialog
0x4684b4 MapDialogRect
0x4684b8 ShowOwnedPopups
0x4684bc TranslateMessage
0x4684c0 GetCursorPos
0x4684c4 PostQuitMessage
0x4684cc SendNotifyMessageA
0x4684d0 IsRectEmpty
0x4684d4 InSendMessage
0x4684e0 SetCapture
0x4684e4 SetRect
0x4684e8 MessageBeep
0x4684ec GetMenuStringA
0x4684f0 AppendMenuA
0x4684f4 InsertMenuA
0x4684f8 RemoveMenu
0x4684fc MoveWindow
0x468500 SetWindowTextA
0x468504 IsDialogMessageA
0x468508 SetDlgItemTextA
0x46850c SetMenuItemBitmaps
0x468514 LoadBitmapA
0x468518 ModifyMenuA
0x46851c GetMenuState
0x468520 EnableMenuItem
0x468524 CheckMenuItem
0x468528 SendDlgItemMessageA
0x46852c IsChild
0x468530 SetWindowsHookExA
0x468534 CallNextHookEx
0x468538 GetClassLongA
0x46853c SetPropA
0x468544 RemovePropA
0x46854c GetWindowTextA
0x468550 GetForegroundWindow
0x468554 DispatchMessageA
0x468558 BeginDeferWindowPos
0x46855c EndDeferWindowPos
0x468560 GetTopWindow
0x468564 DestroyWindow
0x468568 UnhookWindowsHookEx
0x46856c GetMessageTime
0x468570 GetMessagePos
0x468574 MapWindowPoints
0x468578 ScrollWindow
0x46857c TrackPopupMenu
0x468580 SetScrollRange
0x468584 GetScrollRange
0x468588 SetScrollPos
0x46858c GetScrollPos
0x468590 SetForegroundWindow
0x468594 MessageBoxA
0x468598 GetClassInfoExA
0x46859c RegisterClassA
0x4685a0 ScreenToClient
0x4685a4 DeferWindowPos
0x4685a8 GetScrollInfo
0x4685ac SetScrollInfo
0x4685b0 PtInRect
0x4685b4 DefWindowProcA
0x4685b8 CallWindowProcA
0x4685c0 GetWindowPlacement
0x4685c4 GetWindowRect
0x4685c8 GetSystemMetrics
0x4685d0 UnpackDDElParam
0x4685d4 ReuseDDElParam
0x4685d8 DestroyMenu
0x4685dc GetClassNameA
0x4685e0 GetSysColor
0x4685e4 WinHelpA
0x4685e8 SetFocus
0x4685f0 IsWindowEnabled
0x4685f4 GetFocus
0x4685f8 EqualRect
0x4685fc GetDlgItem
0x468600 GetKeyState
0x468604 GetDlgCtrlID
0x468608 LoadIconA
0x46860c SendMessageA
0x468610 UpdateWindow
0x468614 EnableWindow
0x468618 GetSubMenu
0x46861c LoadMenuA
0x468620 ClientToScreen
0x468624 GetParent
0x468628 SetCursor
0x46862c PeekMessageA
0x468630 GetCapture
0x468634 ReleaseCapture
0x468638 LoadAcceleratorsA
0x46863c SetActiveWindow
0x468640 IsWindowVisible
0x468644 IsIconic
0x468648 InsertMenuItemA
0x46864c CreatePopupMenu
0x468650 GetClassInfoA
0x468654 IntersectRect
0x468658 SetRectEmpty
0x46865c GetLastActivePopup
0x468660 SetMenu
0x468664 GetDesktopWindow
0x468668 GetWindow
0x46866c UnregisterClassA
0x468670 GetSysColorBrush
0x468674 EndPaint
0x468678 BeginPaint
0x46867c GetWindowDC
0x468680 GrayStringA
0x468684 DrawTextExA
0x468688 GetPropA
0x46868c DrawTextA
0x468690 CharUpperA
0x468694 CloseClipboard
0x468698 GetClipboardData
0x46869c CopyRect
0x4686a0 OffsetRect
0x4686a4 PostMessageA
0x4686a8 GetClientRect
0x4686ac GetDC
0x4686b0 InvalidateRect
0x4686b4 ValidateRect
0x4686b8 ShowScrollBar
0x4686bc OpenClipboard
0x4686c0 DefFrameProcA
0x4686c4 GetMenu
0x4686c8 DefMDIChildProcA
0x4686cc GetMenuItemID
0x4686d0 GetMenuItemCount
0x4686d4 CreateWindowExA
0x4686d8 DrawMenuBar
0x4686dc GetActiveWindow
0x4686e0 BringWindowToTop
0x4686ec IsWindow
0x4686f0 SetWindowLongA
0x4686f4 GetWindowLongA
0x4686f8 SetWindowPos
0x4686fc RedrawWindow
0x468700 AdjustWindowRectEx
0x468704 ShowWindow
0x468708 GetMessageA
Library GDI32.dll:
0x46804c GetWindowExtEx
0x468050 StartDocA
0x468054 StartPage
0x468058 EndPage
0x46805c SetAbortProc
0x468060 AbortDoc
0x468064 EndDoc
0x468068 DeleteDC
0x46806c CreatePen
0x468070 GetViewportOrgEx
0x468074 Rectangle
0x468078 PatBlt
0x46807c ExtTextOutA
0x468080 SelectObject
0x468084 GetTextMetricsA
0x468088 DeleteObject
0x46808c GetCharWidthA
0x468090 CreateFontA
0x468094 StretchDIBits
0x468098 SaveDC
0x46809c RestoreDC
0x4680a0 SetBkMode
0x4680a4 SetPolyFillMode
0x4680a8 SetROP2
0x4680ac SetStretchBltMode
0x4680b0 SetMapMode
0x4680b4 ExcludeClipRect
0x4680b8 IntersectClipRect
0x4680bc LineTo
0x4680c0 MoveToEx
0x4680c4 SetTextAlign
0x4680c8 SelectClipRgn
0x4680cc CreateRectRgn
0x4680d0 GetViewportExtEx
0x4680d4 GetPixel
0x4680d8 GetWindowOrgEx
0x4680dc RectVisible
0x4680e0 TextOutA
0x4680e4 Escape
0x4680e8 SetViewportOrgEx
0x4680ec OffsetViewportOrgEx
0x4680f0 SetViewportExtEx
0x4680f4 ScaleViewportExtEx
0x4680f8 SetWindowOrgEx
0x4680fc SetWindowExtEx
0x468104 ExtSelectClipRgn
0x468108 CreatePatternBrush
0x46810c CreateSolidBrush
0x468114 SetRectRgn
0x468118 CombineRgn
0x46811c GetMapMode
0x468120 GetBkColor
0x468124 GetTextColor
0x468128 GetRgnBox
0x46812c CreateEllipticRgn
0x468130 LPtoDP
0x468134 Ellipse
0x468138 GetNearestColor
0x46813c GetBkMode
0x468140 GetPolyFillMode
0x468144 GetROP2
0x468148 GetStretchBltMode
0x46814c GetTextAlign
0x468150 GetTextFaceA
0x468154 ScaleWindowExtEx
0x468158 DPtoLP
0x46815c CreateDCA
0x468160 CopyMetaFileA
0x468164 GetDeviceCaps
0x468168 CreateBitmap
0x46816c SetBkColor
0x468170 SetTextColor
0x468174 GetClipBox
0x46817c BitBlt
0x468180 CreateCompatibleDC
0x468188 CreateFontIndirectA
0x46818c GetStockObject
0x468190 PtVisible
0x468194 GetObjectA
Library comdlg32.dll:
0x468724 GetFileTitleA
Library WINSPOOL.DRV:
0x468710 GetJobA
0x468714 OpenPrinterA
0x468718 DocumentPropertiesA
0x46871c ClosePrinter
Library ADVAPI32.dll:
0x468000 SetFileSecurityW
0x468004 RegCreateKeyA
0x468008 GetFileSecurityA
0x46800c SetFileSecurityA
0x468010 RegQueryValueA
0x468014 RegEnumKeyA
0x468018 RegOpenKeyA
0x46801c RegSetValueA
0x468020 RegDeleteKeyA
0x468024 RegDeleteValueA
0x468028 RegSetValueExA
0x46802c RegQueryValueExA
0x468030 RegOpenKeyExA
0x468034 RegCreateKeyExA
0x468038 RegCloseKey
Library SHELL32.dll:
0x468410 DragQueryFileA
0x468414 DragAcceptFiles
0x468418 ExtractIconA
0x46841c SHGetFileInfoA
0x468420 DragFinish
Library SHLWAPI.dll:
0x468428 PathFindFileNameA
0x46842c PathStripToRootA
0x468430 PathFindExtensionA
0x468434 PathIsUNCA
Library oledlg.dll:
0x468820 None
0x468824 None
0x468828 None
0x46882c None
0x468830 None
0x468834 None
Library ole32.dll:
0x46872c OleGetIconOfClass
0x468730 CreateItemMoniker
0x468738 StgCreateDocfile
0x46873c CreateFileMoniker
0x468740 StgOpenStorage
0x468744 StgIsStorageFile
0x468748 OleRun
0x46874c OleIsRunning
0x468754 CLSIDFromProgID
0x468758 CLSIDFromString
0x46875c OleUninitialize
0x468764 OleInitialize
0x468768 OleRegEnumVerbs
0x46876c OleRegGetMiscStatus
0x468770 CoDisconnectObject
0x46877c OleGetClipboard
0x468784 OleFlushClipboard
0x468788 CoGetClassObject
0x46878c OleCreateLinkToFile
0x468790 CoRevokeClassObject
0x46879c IsAccelerator
0x4687ac OleCreateFromData
0x4687b0 OleLockRunning
0x4687b8 OleSaveToStream
0x4687bc WriteClassStm
0x4687c0 OleSave
0x4687cc OleDuplicateData
0x4687d0 CoTaskMemAlloc
0x4687d4 ReleaseStgMedium
0x4687d8 CreateBindCtx
0x4687dc CoTreatAsClass
0x4687e0 StringFromCLSID
0x4687e4 ReadClassStg
0x4687e8 ReadFmtUserTypeStg
0x4687ec OleRegGetUserType
0x4687f0 WriteClassStg
0x4687f4 WriteFmtUserTypeStg
0x4687f8 SetConvertStg
0x4687fc CoTaskMemFree
0x468804 OleCreateFromFile
0x468810 OleLoad
0x468814 OleCreate
Library OLEAUT32.dll:
0x4683d8 VariantChangeType
0x4683dc VariantInit
0x4683e0 SysAllocStringLen
0x4683e4 SysStringLen
0x4683e8 SysFreeString
0x4683f0 VariantCopy
0x4683f4 SafeArrayDestroy
0x468404 SysAllocString
0x468408 VariantClear

CChildFrame
Auto Return
Editor Settings
Auto Return
Editor Settings
Auto Return
Editor Settings
CDemoEditorCntrItem
bad allocation
CryptStringToBinaryA
Local AppWizard-Generated Applications
CDemoEditorDoc
CDemoEditorView
CMainFrame
Auto Return
Editor Settings
Invalid DateTime
Invalid DateTimeSpan
CSynEditView
RICHED20.DLL
Fail to load "riched20.dll".
RichEdit20A
Fixedsys
#define,#else,#elif,#elseif,#endif,#error,#if,#ifdef,#ifndef,#include,#pragma,#undef,__asm,__based,__cdecl,__declspec,__except,__fastcall,__finally,__inline,__int16,__int32,__int64,__int8,__leave,__multiple_inheritance,__pascal,__single_inheritance,__stdcall,__try,__uuidof,__virtual_inheritance,_asm,_cdecl,_fastcall,_pascal,_stdcall,afx_msg,auto,bool,break,case,catch,char,class,code_seg,const,const_cast,continue,default,defined,delete,dllexport,dllimport,do,double,dynamic_cast,else,enum,explicit,extern,false,float,for,friend,goto,if,inline,int,interface,long,main,mutable,naked,namespace,new,off,on,once,operator,pack,pascal,pop,private,protected,public,push,register,reinterpret_cast,return,short,signed,sizeof,static,static_cast,struct,switch,template,this,thread,throw,true,try,typedef,typeid,typename,union,unsigned,using,uuid,virtual,void,volatile,while,wmain,xalloc,
Alias,And,Any,As,Base,Boolean,Byref,Byte,Byval,Call,Case,Close,Compare,Const,Currency,Data,Date,Declare,Defbool,Defbyte,Defcur,Defdate,Defdbl,Defdec,Defint,Deflng,Defobj,Defsng,Defstr,Defvar,Dim,Do,Double,Each,Else,Elseif,End,Enum,Eqv,Erase,Error,Event,Exit,Explicit,False,For,Function,Get,Global,Gosub,Goto,If,IIf,Imp,Implements,In,Integer,Is,Let,Lib,Line,Lock,Long,Loop,Lset,New,Next,Not,Object,On,Open,Option,Optional,Or,Preserve,Print,Private,Property,Public,Put,Raiseevent,Redim,Resume,Return,Rset,Select,Set,Single,Static,Stop,String,Sub,Then,To,True,Type,Ubound,Unload,Unlock,Variant,Wend,While,With,Write,Xor,
CMDIChildWnd
CMDIFrameWnd
mdiclient
software
CControlBar
CView
CFrameWnd
ImageList_Draw
ImageList_GetImageInfo
ToolbarWindow32
ReBarWindow32
MSWHEEL_ROLLMSG
AfxWnd80s
AfxControlBar80s
AfxMDIFrame80s
AfxFrameOrView80s
AfxOleControl80s
AfxOldWndProc423
EnumDisplayDevicesA
GetMonitorInfoA
EnumDisplayMonitors
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
GetSystemMetrics
USER32
DISPLAY
InitCommonControls
InitCommonControlsEx
HtmlHelpA
hhctrl.ocx
F#32768
%s (%s:%d)
Exception thrown in destructor
f:\rtm\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl
Afx:%p:%x:%p:%p:%p
Afx:%p:%x
commctrl_DragListMsg
CCmdTarget
CFileDialog
GetOpenFileNameA
GetSaveFileNameA
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW
KERNEL32
comctl32.dll
comdlg32.dll
COleException
CLSID
CInvalidArgException
CNotSupportedException
CMemoryException
CException
CRichEditView
CRichEditDoc
CRichEditCntrItem
RichEdit20A
commdlg_FindReplace
COleLinkingDoc
Embedding %lu
f:\rtm\vctools\vc7libs\ship\atlmfc\src\mfc\olecli1.cpp
COleServerItem
COleClientItem
COleDocument
CDocItem
Contents
CObject
Delete
NoRemove
ForceRemove
CWinApp
Recent File List
File%d
Settings
PreviewPages
CreateActCtxA
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoRun
NoDrives
RestrictRun
NoNetConnectDisconnect
NoRecentDocsHistory
NoClose
Software\Microsoft\Windows\CurrentVersion\Policies\Network
NoEntireNetwork
Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
NoPlacesBar
NoBackButton
NoFileMru
Automation
Embedding
Unregserver
Unregister
Regserver
Register
ntdll.dll
Control Panel\Desktop\ResourceLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
kernel32.dll
%s.dll
CommDlgExtendedError
CWinThread
Software\
CDocTemplate
CMultiDocTemplate
RichEdit Text and Objects
Rich Text Format
FileNameW
FileName
Link Source Descriptor
Object Descriptor
Link Source
Embed Source
Embedded Object
ObjectLink
OwnerLink
Native
CDialog
MS Shell Dlg
COleServerDoc
CDocument
ReplaceFileA
CPreviewView
CCtrlView
CSplitterWnd
CMenu
CStatusBar
msctls_statusbar32
CToolBar
Marlett
DllGetVersion
CMiniDockFrameWnd
CDockBar
CStringArray
CBitmap
CFont
CBrush
CGdiObject
CPaintDC
CWindowDC
CClientDC
CUserException
CResourceException
GetLayout
GDI32.DLL
SetLayout
CDWordArray
CFile
InProcServer32
f:\rtm\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp
{%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}
DllGetClassObject
RICHED20.DLL
combobox
CPtrList
CObArray
CImageList
ImageList_Destroy
CArchiveException
CReBar
CMapPtrToPtr
commdlg_SetRGBColor
commdlg_help
commdlg_ColorOK
commdlg_FileNameOK
commdlg_ShareViolation
commdlg_LBSelChangedNotify
CFileException
COlePropertiesDialog
COlePasteSpecialDialog
COleLinksDialog
COleInsertDialog
CFindReplaceDialog
FindTextA
ReplaceTextA
CFontDialog
ChooseFontA
CPtrArray
CObList
COleStreamFile
f:\rtm\vctools\vc7libs\ship\atlmfc\src\mfc\olestrm.cpp
COleDocObjectItem
CPrintDialog
PrintDlgA
CDocManager
%s\shell\open\%s
%s\shell\print\%s
%s\shell\printto\%s
%s\DefaultIcon
%s\ShellNew
command
"%1"
/p "%1"
/pt "%1" "%2" "%3" "%4"
/dde
ddeexec
[open("%1")]
[print("%1")]
[printto("%1","%2","%3","%4")]
NullFile
[printto("
[print("
[open("
MFCM80ReleaseManagedReferences
mfcm80.dll
$@CMemFile
System
COleIPFrameWnd
CScrollView
MouseZ
Magellan MSWHEEL
MSH_SCROLL_LINES_MSG
MSH_WHEELSUPPORT_MSG
CPreviewDC
CDialogBar
CMapStringToPtr
CMiniFrameWnd
NotifyWinEvent
user32.dll
CByteArray
CSharedFile
COleBusyDialog
COleDialog
COleDispatchException
%2\CLSID
%2\Insertable
%2\protocol\StdFileEditing\verb\0
&Edit
%2\protocol\StdFileEditing\server
CLSID\%1
CLSID\%1\ProgID
CLSID\%1\InprocHandler32
ole32.dll
CLSID\%1\LocalServer32
CLSID\%1\Verb\0
&Edit,0,2
CLSID\%1\Verb\1
&Open,0,2
CLSID\%1\Insertable
CLSID\%1\AuxUserType\2
CLSID\%1\AuxUserType\3
CLSID\%1\DefaultIcon
%3,%7
CLSID\%1\MiscStatus
CLSID\%1\InProcServer32
CLSID\%1\DocObject
%2\DocObject
CLSID\%1\Printable
CLSID\%1\DefaultExtension
%9, %8
CToolTipCtrl
tooltips_class32
bad allocation
Unknown exception
SetThreadStackGuarantee
CorExitProcess
mscoree.dll
bad exception
EncodePointer
KERNEL32.DLL
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
runtime error
Microsoft Visual C++ Runtime Library
<program name unknown>
Program:
e+000
GAIsProcessorFeaturePresent
(null)
`h````
InitializeCriticalSectionAndSpinCount
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
Complete Object Locator'
Class Hierarchy Descriptor'
Base Class Array'
Base Class Descriptor at (
Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
delete[]
new[]
`local vftable constructor closure'
`local vftable'
`RTTI
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
delete
__unaligned
__restrict
__ptr64
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
April
March
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
1#QNAN
1#INF
1#IND
1#SNAN
CONOUT$
string too long
invalid string position
OLEACC.dll
CreateStdAccessibleObject
LresultFromObject
CryptStringToBinaryA
CRYPT32.dll
FindResourceA
SizeofResource
LockResource
LoadResource
WideCharToMultiByte
GetProcAddress
LoadLibraryW
GetVersion
InterlockedExchange
MultiByteToWideChar
CompareStringW
CompareStringA
lstrlenW
GetStringTypeExA
lstrcmpiA
lstrlenA
GetLastError
LoadLibraryA
SetLastError
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileStringA
GlobalAddAtomA
GlobalGetAtomNameA
GetModuleHandleA
GetCurrentProcessId
GlobalUnlock
GlobalLock
GetVersionExA
lstrcmpW
FreeLibrary
GlobalDeleteAtom
GlobalFindAtomA
GetCurrentThreadId
FreeResource
GetModuleFileNameW
InterlockedDecrement
MulDiv
LocalFree
FormatMessageA
GlobalAlloc
GlobalSize
CopyFileA
GlobalFree
InterlockedIncrement
lstrcmpA
GetLocaleInfoA
EnumResourceLanguagesA
GetModuleFileNameA
ConvertDefaultLocale
GetCurrentThread
CloseHandle
GetTickCount
GetFileAttributesA
SetFileTime
GetFileTime
GetTempFileNameA
GetFullPathNameA
GetDiskFreeSpaceA
MoveFileA
DeleteFileA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
GetThreadLocale
DuplicateHandle
GetCurrentProcess
FindClose
FindFirstFileA
GetVolumeInformationA
GetShortPathNameA
CreateFileA
GlobalFlags
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GetCPInfo
GetOEMCP
FileTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
GetCurrentDirectoryA
LocalFileTimeToFileTime
SetErrorMode
RtlUnwind
HeapAlloc
RaiseException
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapFree
HeapReAlloc
GetCommandLineA
GetProcessHeap
GetStartupInfoA
ExitProcess
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
GetACP
LCMapStringA
LCMapStringW
Sleep
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
KERNEL32.dll
SendMessageA
UpdateWindow
EnableWindow
GetSubMenu
LoadMenuA
ClientToScreen
GetParent
CharUpperA
CloseClipboard
GetClipboardData
CopyRect
OffsetRect
PostMessageA
GetClientRect
GetDC
InvalidateRect
ValidateRect
ShowScrollBar
OpenClipboard
DefFrameProcA
GetMenu
DefMDIChildProcA
GetMenuItemID
GetMenuItemCount
CreateWindowExA
DrawMenuBar
GetActiveWindow
BringWindowToTop
TranslateMDISysAccel
TranslateAcceleratorA
IsWindow
SetWindowLongA
GetWindowLongA
SetWindowPos
RedrawWindow
AdjustWindowRectEx
ShowWindow
GetWindow
GetDesktopWindow
SetMenu
GetLastActivePopup
SetRectEmpty
IntersectRect
GetClassInfoA
CreatePopupMenu
InsertMenuItemA
IsIconic
IsWindowVisible
SetActiveWindow
LoadAcceleratorsA
ReleaseCapture
GetCapture
PeekMessageA
SetCursor
LoadIconA
GetDlgCtrlID
GetKeyState
GetDlgItem
EqualRect
GetFocus
IsWindowEnabled
GetWindowThreadProcessId
SetFocus
WinHelpA
GetSysColor
GetClassNameA
DestroyMenu
ReuseDDElParam
UnpackDDElParam
RegisterWindowMessageA
GetSystemMetrics
GetWindowRect
GetWindowPlacement
SystemParametersInfoA
CallWindowProcA
DefWindowProcA
PtInRect
SetScrollInfo
GetScrollInfo
DeferWindowPos
ScreenToClient
RegisterClassA
GetClassInfoExA
MessageBoxA
SetForegroundWindow
GetScrollPos
SetScrollPos
GetScrollRange
SetScrollRange
TrackPopupMenu
ScrollWindow
MapWindowPoints
GetMessagePos
GetMessageTime
UnhookWindowsHookEx
DestroyWindow
GetTopWindow
EndDeferWindowPos
BeginDeferWindowPos
DispatchMessageA
GetForegroundWindow
GetWindowTextA
GetWindowTextLengthA
RemovePropA
GetPropA
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
IsChild
SendDlgItemMessageA
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuA
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
SetDlgItemTextA
IsDialogMessageA
SetWindowTextA
MoveWindow
RemoveMenu
InsertMenuA
AppendMenuA
GetMenuStringA
MessageBeep
SetRect
SetCapture
IsClipboardFormatAvailable
CountClipboardFormats
InSendMessage
IsRectEmpty
SendNotifyMessageA
CopyAcceleratorTableA
PostQuitMessage
GetCursorPos
TranslateMessage
GetMessageA
ShowOwnedPopups
MapDialogRect
SetWindowContextHelpId
RegisterClipboardFormatA
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamA
ReleaseDC
SetParent
DeleteMenu
DestroyCursor
LoadCursorA
FillRect
InflateRect
GetMenuItemInfoA
IsZoomed
GetSystemMenu
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
GetWindowDC
BeginPaint
EndPaint
GetSysColorBrush
UnregisterClassA
GetTabbedTextExtentA
CreateMenu
WindowFromPoint
DestroyIcon
CharNextA
InvalidateRgn
GetNextDlgGroupItem
PostThreadMessageA
FindWindowA
DrawIcon
SetWindowRgn
SetTimer
KillTimer
GetDCEx
LockWindowUpdate
USER32.dll
GetObjectA
GetStockObject
CreateFontIndirectA
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetTextExtentPoint32A
GetClipBox
SetTextColor
SetBkColor
CreateBitmap
GetDeviceCaps
CopyMetaFileA
CreateDCA
DPtoLP
ScaleWindowExtEx
GetWindowOrgEx
GetWindowExtEx
StartDocA
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
DeleteDC
CreatePen
GetViewportOrgEx
Rectangle
PatBlt
ExtTextOutA
SelectObject
GetTextMetricsA
DeleteObject
GetCharWidthA
CreateFontA
StretchDIBits
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetMapMode
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetPixel
PtVisible
RectVisible
TextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
GetCurrentPositionEx
ExtSelectClipRgn
CreatePatternBrush
CreateSolidBrush
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
CreateEllipticRgn
LPtoDP
Ellipse
GetNearestColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextAlign
GetTextFaceA
GDI32.dll
GetFileTitleA
comdlg32.dll
ClosePrinter
DocumentPropertiesA
OpenPrinterA
GetJobA
WINSPOOL.DRV
CryptAcquireContextA
SetFileSecurityW
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegSetValueA
RegOpenKeyA
RegEnumKeyA
RegQueryValueA
SetFileSecurityA
GetFileSecurityA
RegCreateKeyA
ADVAPI32.dll
DragFinish
DragQueryFileA
DragAcceptFiles
ExtractIconA
SHGetFileInfoA
SHELL32.dll
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
SHLWAPI.dll
oledlg.dll
CoTaskMemFree
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
StringFromCLSID
CoTreatAsClass
CreateBindCtx
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleSave
WriteClassStm
OleSaveToStream
CreateStreamOnHGlobal
OleLockRunning
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreate
OleLoad
StgOpenStorageOnILockBytes
GetHGlobalFromILockBytes
OleSetContainedObject
OleCreateFromFile
OleCreateLinkToFile
OleGetIconOfClass
CreateItemMoniker
CreateGenericComposite
StgCreateDocfile
CreateFileMoniker
StgOpenStorage
StgIsStorageFile
OleRun
OleIsRunning
OleSetMenuDescriptor
CLSIDFromProgID
CLSIDFromString
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
OleRegEnumVerbs
OleRegGetMiscStatus
CoDisconnectObject
GetRunningObjectTable
CoLockObjectExternal
OleGetClipboard
OleIsCurrentClipboard
OleFlushClipboard
CoGetClassObject
CoRevokeClassObject
CoRegisterMessageFilter
OleTranslateAccelerator
IsAccelerator
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
ole32.dll
OLEAUT32.dll
.?AVCChildFrame@@
.?AVCMDIChildWnd@@
.?AVCFrameWnd@@
.?AVCWnd@@
.?AVCCmdTarget@@
.?AVCObject@@
.?AVCDemoEditorCntrItem@@
.?AVCRichEditCntrItem@@
.?AVCOleClientItem@@
.?AVCDocItem@@
.?AVCDemoEditorApp@@
.?AVCWinApp@@
.?AVCWinThread@@
.?AVCAboutDlg@@
.?AVCDialog@@
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVCDemoEditorDoc@@
.?AVCRichEditDoc@@
.?AVCOleServerDoc@@
.?AVCOleLinkingDoc@@
.?AVCOleDocument@@
.?AVCDocument@@
.?AVCDemoEditorView@@
.?AVCSynEditView@@
.?AVCRichEditView@@
.?AVCCtrlView@@
.?AVCView@@
.?AVCMenu@@
.?AVCMainFrame@@
.?AVCMDIFrameWnd@@
.PAVCFileException@@
.?AVCFont@@
.?AVCGdiObject@@
.?AVCBitmap@@
.?AV?$CTypedPtrArray@VCObArray@@PAVCBitmap@@@@
.?AVCObArray@@
.?AV?$CArray@PAUHWND__@@PAU1@@@
.?AV?$CList@PAUHWND__@@PAU1@@@
.PAVCMemoryException@@
.?AVXAccessible@CWnd@@
.?AVXAccessibleServer@CWnd@@
.?AVCTestCmdUI@@
.?AVCCmdUI@@
.?AV_AFX_HTMLHELP_STATE@@
.?AVCNoTrackObject@@
.PAVCUserException@@
.PAVCException@@
.?AV?$IAccessibleProxyImpl@VCAccessibleProxy@ATL@@@ATL@@
.?AUIAccessible@@
.?AUIDispatch@@
.?AUIUnknown@@
.?AUIAccessibleProxy@@
.?AV?$CMFCComObject@VCAccessibleProxy@ATL@@@@
.?AVCAccessibleProxy@ATL@@
.?AV?$CComObjectRootEx@VCComSingleThreadModel@ATL@@@ATL@@
.?AVCComObjectRootBase@ATL@@
.?AUIOleWindow@@
.?AVCFileDialog@@
.?AVCCommonDialog@@
.?AV_AFX_THREAD_STATE@@
.?AVAFX_MODULE_THREAD_STATE@@
.?AVAFX_MODULE_STATE@@
.?AVCDllIsolationWrapperBase@@
.?AVCComCtlWrapper@@
.?AVCCommDlgWrapper@@
.?AV_AFX_BASE_MODULE_STATE@@
.?AVCOleException@@
.?AVCException@@
.PAVCOleException@@
.PAVCObject@@
.PAVCSimpleException@@
.PAVCNotSupportedException@@
.PAVCInvalidArgException@@
.?AVCMemoryException@@
.?AVCSimpleException@@
.?AVCNotSupportedException@@
.?AVCInvalidArgException@@
.?AVCAfxStringMgr@@
.?AUIAtlStringMgr@ATL@@
.?AV_AFX_RICHEDIT_STATE@@
.?AV_AFX_EDIT_STATE@@
.?AVXRichEditOleCallback@CRichEditView@@
.?AUIRichEditOleCallback@@
.?AVXOleClientSite@COleClientItem@@
.?AUIOleClientSite@@
.?AVXAdviseSink@COleClientItem@@
.?AUIAdviseSink@@
.?AVXOleIPSite@COleClientItem@@
.?AUIOleInPlaceSite@@
.?AVCFileException@@
.?AVXOleCommandTarget@COleFrameHook@@
.?AUIOleCommandTarget@@
.?AVCOleFrameHook@@
.?AVXOleInPlaceFrame@COleFrameHook@@
.?AUIOleInPlaceFrame@@
.?AUIOleInPlaceUIWindow@@
.?AVCCommandLineInfo@@
.?AVCMultiDocTemplate@@
.?AVCDocTemplate@@
.?AVIControlSiteFactory@@
.?AV?$CList@PAVIControlSiteFactory@@PAV1@@@
.?AVCOleControlSiteFactory@@
.?AVCControlSiteFactoryMgr@@
.?AVCOccManager@@
.?AVXOleObject@COleServerDoc@@
.?AUIOleObject@@
.?AVXDataObject@COleServerDoc@@
.?AUIDataObject@@
.?AVXPersistStorage@COleServerDoc@@
.?AUIPersistStorage@@
.?AUIPersist@@
.?AVXOleInPlaceObject@COleServerDoc@@
.?AUIOleInPlaceObject@@
.?AVXOleInPlaceActiveObject@COleServerDoc@@
.?AUIOleInPlaceActiveObject@@
.?AVCMirrorFile@@
.?AVCFile@@
.?AVXPersistFile@COleLinkingDoc@@
.?AUIPersistFile@@
.?AVXOleItemContainer@COleLinkingDoc@@
.?AUIOleItemContainer@@
.?AUIOleContainer@@
.?AUIParseDisplayName@@
.?AVCPrintingDialog@@
.?AV_AFX_WIN_STATE@@
.?AVCPen@@
.?AVCPreviewView@@
.?AVCScrollView@@
.?AVCChevronOwnerDrawMenu@@
.?AVCStatusBar@@
.?AVCControlBar@@
.?AVCStatusCmdUI@@
.?AV?$CArray@HABH@@
.?AVCToolBar@@
.?AVCToolCmdUI@@
.?AVCDockBar@@
.?AVCMiniDockFrameWnd@@
.?AVCMiniFrameWnd@@
.?AVCStringArray@@
.PAVCResourceException@@
.?AVCResourceException@@
.?AVCUserException@@
.?AVCDC@@
.?AVCClientDC@@
.?AVCWindowDC@@
.?AVCPaintDC@@
.?AVCBrush@@
.?AVCDWordArray@@
.?AVCRgn@@
.?AVCPtrList@@
.?AUCThreadData@@
.?AVCImageList@@
.?AVCArchiveException@@
.PAVCArchiveException@@
.?AVCMapPtrToPtr@@
.?AVCHandleMap@@
.?AVCFixedStringMgr@ATL@@
.?AV?$CFixedStringT@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@$0BAA@@ATL@@
.?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@
.?AV?$CSimpleStringT@_W$0A@@ATL@@
.?AVCOleDialog@@
.?AVXOleUIObjInfo@COlePropertiesDialog@@
.?AUIOleUIObjInfoA@@
.?AVCOlePropertiesDialog@@
.?AVCOleInsertDialog@@
.?AVCOleLinksDialog@@
.?AVCOlePasteSpecialDialog@@
.?AVCOleUILinkInfo@@
.?AUIOleUILinkInfoA@@
.?AUIOleUILinkContainerA@@
.?AVCFindReplaceDialog@@
.?AVCFontDialog@@
.?AVCPtrArray@@
.?AVCEnumFormatEtc@@
.?AVCEnumArray@@
.?AVXDataObject@COleDataSource@@
.?AVCOleDataSource@@
.?AVCObList@@
.?AVCOleStreamFile@@
.?AV_AFX_OLE_STATE@@
.?AVCOleCmdUI@@
.?AVCRecentFileList@@
.?AVCPrintDialog@@
.?AVCNewTypeDlg@@
.?AVCDocManager@@
.?AVCEnumUnknown@@
.?AV?$_CTypedPtrList@VCPtrList@@PAUCOleControlSiteOrWnd@@@@
.?AV?$CTypedPtrList@VCPtrList@@PAUCOleControlSiteOrWnd@@@@
.?AVCOleControlContainer@@
.?AVXOleContainer@COleControlContainer@@
.?AVXOleIPFrame@COleControlContainer@@
.?AVCDataSourceControl@@
.?AUINotifyDBEvents@@
.?AVXOleClientSite@COleControlSite@@
.?AVXOleControlSite@COleControlSite@@
.?AUIOleControlSite@@
.?AVXAmbientProps@COleControlSite@@
.?AVXPropertyNotifySink@COleControlSite@@
.?AUIPropertyNotifySink@@
.?AVXEventSink@COleControlSite@@
.?AVXBoundObjectSite@COleControlSite@@
.?AUIBoundObjectSite@@
.?AVXNotifyDBEvents@COleControlSite@@
.?AVXRowsetNotify@COleControlSite@@
.?AUIRowsetNotify@@
.?AVXOleIPSite@COleControlSite@@
.?AUIOleInPlaceSiteWindowless@@
.?AUIOleInPlaceSiteEx@@
.?AVCOleControlSite@@
.?AVCMemFile@@
.?AVCOleMessageFilter@@
.?AVXMessageFilter@COleMessageFilter@@
.?AUIMessageFilter@@
.?AVCOleIPFrameWnd@@
.?AV_AFX_MOUSEANCHORWND@@
.?AVCPreviewDC@@
.?AVCDialogBar@@
.?AVCMapStringToPtr@@
.?AVCDockContext@@
.?AVCArchiveStream@@
.?AUIStream@@
.?AUISequentialStream@@
.?AVCByteArray@@
.?AVCSharedFile@@
.?AVCOleBusyDialog@@
.?AVXEnumVOID@CEnumArray@@
.?AUIEnumVOID@@
.?AV?$CArray@VCVariantBoolPair@@ABV1@@@
.?AVCOleDispatchException@@
.PAVCOleDispatchException@@
Apartment
.?AVCToolTipCtrl@@
.?AVtype_info@@
.?AVbad_exception@std@@
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
SX[:N(
SbpS(
SX[:N(
SbpS(
yr'`(
SbpS:g:
SbpS(
>e'Y(
echSb
S>e'Y0R
OX[0R
N*N(W
N*N(W
N*N(W
S_ck(W
g~b0R
PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
EeLuEBBkJ6K2*KruXfh9n98qzP004y}ebZTHb*
CRYPT32.DLL
YaccParent
accChildCount
accChild
accName
accValue
accDescription
accRole
accState
accHelp
accHelpTopic
accKeyboardShortcut
accFocus
accSelection
accDefaultAction
accSelect
accLocation
accNavigate
accHitTest
accDoDefaultAction
(null)
Ctrl+N
Ctrl+O
Ctrl+S
(&A)...
Ctrl+P
(&R)...
Ctrl+N
Ctrl+O
(&R)...
DemoEditor(&A)...
Ctrl+N
Ctrl+O
Ctrl+S
(&A)...
Ctrl+P
(&R)...
Ctrl+Z
Ctrl+X
Ctrl+C
Ctrl+V
(&S)...
Ctrl+A
Ctrl+F
Ctrl+H
(&N)...
(&K)...
Alt+Enter
Visual Basic
Visual C++
DemoEditor(&A)...
DemoEditor
(C) 2002
MS Shell Dlg
MS Shell Dlg
MS Shell Dlg
(&P)...
MS Shell Dlg
DemoEd Document
VS_VERSION_INFO
StringFileInfo
080404B0
CompanyName
FileDescription
FileVersion
1, 0, 0, 1
InternalName
Visual Editor
LegalCopyright
(C) 2002
LegalTrademarks
OriginalFilename
Visual Editor.EXE
ProductName
ProductVersion
1, 0, 0, 1
VarFileInfo
Translation
This file is not on VirusTotal.

Process Tree


0s2pq1fZJ58j5H.exe, PID: 1308, Parent PID: 2480
Full Path: C:\Users\user\AppData\Local\Temp\0s2pq1fZJ58j5H.exe
Command Line: "C:\Users\user\AppData\Local\Temp\0s2pq1fZJ58j5H.exe"
0s2pq1fZJ58j5H.exe, PID: 2756, Parent PID: 1308
Full Path: C:\Users\user\AppData\Local\Temp\0s2pq1fZJ58j5H.exe
Command Line: --f53fe057
explorer.exe, PID: 1632, Parent PID: 1496
Full Path: C:\Windows\explorer.exe
Command Line: C:\Windows\Explorer.EXE
services.exe, PID: 460, Parent PID: 372
Full Path: C:\Windows\sysnative\services.exe
Command Line: C:\Windows\system32\services.exe
compontitle.exe, PID: 2036, Parent PID: 460
Full Path: C:\Windows\SysWOW64\compontitle.exe
Command Line: "C:\Windows\SysWOW64\compontitle.exe"

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

No UDP connections recorded.

DNS

No domains contacted.

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

No JA3 hashes found.

File name compontitle.exe
Associated Filenames
C:\Windows\SysWOW64\compontitle.exe
File Size 688163 bytes
File Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 b015fcd9c1492a52b7751538edf5e335
SHA1 52103208de0b78652d2ea9df52e2612f489df699
SHA256 2fb5dc0763e93fd349aaf8bb53b444b8ef51b6011b872f535994a294eae599a7
CRC32 375A8AED
Ssdeep 12288:mUILKCNARjwrJ8//CIrqs8hlbfytwX2CN:wS5qJ8/JrqsMutwX2
ClamAV None
Yara None matched
CAPE Yara None matched
Type Emotet Config
RSA public key
-----BEGIN PUBLIC KEY----- MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAMqZMACZDzcRXuSnj2OI8LeIYKrbUIXL faUgIJPwYd305HnaBS2AfA0R+oPxT32r+3BbayI3KguqAn3E+rbwtLhqhOXOlTnY 7yvG4ufmwCCkRzc6Sq8baToxmd6y523AIQIDAQAB -----END PUBLIC KEY-----
address
Type Emotet Payload: 32-bit executable
Size 66560 bytes
Virtual Address 0x035E0000
Process 0s2pq1fZJ58j5H.exe
PID 1308
Path C:\Users\user\AppData\Local\Temp\0s2pq1fZJ58j5H.exe
MD5 86df258421ac996adf02a72aa4697737
SHA1 f746395898bce0ee95396c975b9255dc9bd22b12
SHA256 e5f4dfab8e3f81cf27444c1124358f835785500f151deafc569fab74d36dc454
CRC32 A21D213B
Ssdeep 1536:HSQpv/ns4Q6UxkPWrbvkM8qLv1ASGZq4nvM6cCrc5hf8ILVV2MJel:yQns4UxkesgASGZtM6VKVBy
Yara None matched
CAPE Yara
  • Emotet
  • Emotet Payload
Type Emotet Payload
Size 65024 bytes
Virtual Address 0x03730000
Process 0s2pq1fZJ58j5H.exe
PID 1308
Path C:\Users\user\AppData\Local\Temp\0s2pq1fZJ58j5H.exe
MD5 9f72826501454ad7dd1362202ab51467
SHA1 2d0135c2af339c174dc1e08c06a72db936171972
SHA256 3e7150ee7a462e9f356f6585e338ef06cf2e5ffd203e42288fb304bad7e1959a
CRC32 57F3CCC8
Ssdeep 1536:iSQpv/ns4Q6UxkPWrbvkM8qLv1ASGZq4nvM6cCrc5hf8ILVV2M/e:rQns4UxkesgASGZtM6VKVn
Yara None matched
CAPE Yara
  • Emotet
  • Emotet Payload
Sorry! No process dumps.

Processing ( 7.979 seconds )

  • 4.159 Strings
  • 1.659 CAPE
  • 0.581 TargetInfo
  • 0.57 Static
  • 0.512 Dropped
  • 0.264 BehaviorAnalysis
  • 0.124 TrID
  • 0.096 Deduplicate
  • 0.008 NetworkAnalysis
  • 0.005 AnalysisInfo
  • 0.001 Debug

Signatures ( 0.201 seconds )

  • 0.034 antidbg_windows
  • 0.018 antiav_detectreg
  • 0.011 stealth_timeout
  • 0.008 NewtWire Behavior
  • 0.008 api_spamming
  • 0.008 decoy_document
  • 0.008 ransomware_files
  • 0.007 infostealer_ftp
  • 0.004 Doppelganging
  • 0.004 InjectionCreateRemoteThread
  • 0.004 antianalysis_detectreg
  • 0.004 antiav_detectfile
  • 0.004 infostealer_im
  • 0.003 injection_runpe
  • 0.003 injection_createremotethread
  • 0.003 antiemu_wine_func
  • 0.003 InjectionProcessHollowing
  • 0.003 antivm_generic_disk
  • 0.003 dynamic_function_loading
  • 0.003 persistence_autorun
  • 0.003 infostealer_mail
  • 0.003 ransomware_extensions
  • 0.002 malicious_dynamic_function_loading
  • 0.002 InjectionInterProcess
  • 0.002 antidebug_guardpages
  • 0.002 exploit_heapspray
  • 0.002 stealth_file
  • 0.002 mimics_filetime
  • 0.002 antivm_generic_scsi
  • 0.002 infostealer_browser_password
  • 0.002 virus
  • 0.002 kovter_behavior
  • 0.002 antivm_vbox_files
  • 0.002 antivm_vbox_keys
  • 0.002 browser_security
  • 0.002 infostealer_bitcoin
  • 0.001 tinba_behavior
  • 0.001 bootkit
  • 0.001 rat_nanocore
  • 0.001 stack_pivot
  • 0.001 exploit_getbasekerneladdress
  • 0.001 recon_programs
  • 0.001 antivm_generic_services
  • 0.001 antivm_vbox_window
  • 0.001 betabot_behavior
  • 0.001 exploit_gethaldispatchtable
  • 0.001 kibex_behavior
  • 0.001 Extraction
  • 0.001 reads_self
  • 0.001 cerber_behavior
  • 0.001 antisandbox_script_timer
  • 0.001 hancitor_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_vmware_keys
  • 0.001 antivm_xen_keys
  • 0.001 geodo_banking_trojan
  • 0.001 disables_browser_warn
  • 0.001 masquerade_process_name
  • 0.001 recon_fingerprint

Reporting ( 0.002 seconds )

  • 0.002 CompressResults
Task ID 115334
Mongo ID 5de5ed5438b1e1182f3b07e7
Cuckoo release 1.3-CAPE