Sample details: 635019deee2492c073ee684b34fe9a35 (MD5)

Hashes
MD5: 635019deee2492c073ee684b34fe9a35
SHA1: c0bc5628feb76559aab0f30d84901143615217f4
SHA256: 2b663d6727c57b9b8e07727e0a3edfa863e77f72a32efcfb4f53554bb973fb5e
SSDEEP: 6144:zSncRl0cd6bUfFdXThUkYb//1Pxw5dIKCC0ef//uXltKc+LVsz9b8R4jvLXouaw:G4ywPXKU5dFeCXuLKcCVsz6SDLXoe
Details
File Type: PE32
YARA Hits (rule matches are heuristic indicators, not a verdict on their own)
YRP/VC8_Microsoft_Corporation | YRP/Microsoft_Visual_Cpp_8 | YRP/UPXv20MarkusLaszloReiser | YRP/UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/maldoc_find_kernel32_base_method_1 | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/Browsers | YRP/Dropper_Strings | YRP/DebuggerCheck__QueryInfo | YRP/SEH__vba | YRP/Check_OutputDebugStringA_iat | YRP/anti_dbg | YRP/network_dns | YRP/screenshot | YRP/cred_local | YRP/win_registry | YRP/win_private_profile | YRP/win_files_operation | YRP/CRC32_poly_Constant | YRP/CRC32_table | YRP/MD5_Constants | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Internet_API | YRP/UPX | YRP/with_sqlite | YRP/suspicious_packer_section |
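Strings (raw strings extracted from the sample; each repeat of the "This program cannot be run in DOS mode." line usually marks another PE image embedded in the file)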
		!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
D$@SVW
^SSSSS
t$<"u	3
< tK<	tG
j@j ^V
URPQQh
v	N+D$
;t$,v-
UQPXY]Y[
t"SS9] u
PPPPPPPP
PPPPPPPP
QQSVWd
t*=RCC
;7|G;p
tR99u2
Unknown exception
CorExitProcess
bad allocation
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__eabi
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
shell32.dll
ShellExecuteA
invalid string position
string too long
RT_BITMAP
RT_ICON
RT_MENU
RT_DIALOG
RT_STRING
RT_FONTDIR
RT_ACCELERATOR
RT_RCDATA
RT_MESSAGETABLE
RT_VERSION
RT_DLGINCLUDE
RT_PLUGPLAY
RT_VXD
RT_ANICURSOR
RT_ANIICON
RT_HTML
%TEMP%
DROPIN
%APPDATA%
%PROGFILES%
%DEFDRIVE%
%STARTUPDIR%
%LAPPDATA%
%USERDIR%
FULLPATH
bad exception
C:\Users\DarkCoderSc\Desktop\Celesty Binder\Stub\STATIC\Stub.pdb
CreateFileA
FindResourceA
FreeLibrary
LoadResource
WriteFile
SizeofResource
GetProcAddress
LoadLibraryA
LockResource
EnumResourceNamesA
CloseHandle
FreeResource
GetWindowsDirectoryA
OutputDebugStringA
GetTempPathA
KERNEL32.dll
ShellExecuteA
SHGetSpecialFolderPathA
SHELL32.dll
GetModuleHandleW
ExitProcess
DecodePointer
EncodePointer
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
GetLastError
HeapFree
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetStdHandle
GetModuleFileNameW
HeapSize
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
LCMapStringW
MultiByteToWideChar
GetStringTypeW
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVtype_info@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVexception@std@@
.?AVbad_alloc@std@@
.?AVbad_exception@std@@
!This program cannot be run in DOS mode.
`.rdata
@.data
9D$(ub
L$(9L$@
v89l$D|0
uM9l$D}G
D$0;D$(
9|$4r4
9|$4r4
+L$PRQW
+D$P][_^
AP32uS
L$<+L$
L$<+L$
L$<+L$
XjTZj3f
XjNYjEf
Xjr^jlf
ZjPXjIf
Xj2_jSf
je[j3f
ZjHXjEf
WWhM8g
t8VVh@
QVVVWVV
tCVVh[
YYGt]h
WWhQ]V
QSSSSSSh 
WWh_*y
WWh_*y
SWh0QA
uiSShx
t{;Atsv
u.hpSA
QQQQQQRP
uWSVW3
u.hTSA
[Sh@TA
>versu
VVVQPR
u8hXaA
tOWVhPeA
t-Sh,dA
tOSVWh
tOSVWh
t3hPdA
tOSVWh
tOSVWh
tOSVWh
tJSVWh
t3hPdA
_PSh\QA
t2Wh@?
QWWWVWWW
uVhpiA
WVhTlA
j*XjMf
XjiYjlf
HSVWjAXjcYjof
Xjt[j*f
Xjf_j%f
Yj\ZjDf
Xje^jkf
YjSXjof
HSVWj%Xjsf
Xji[jlf
Xjo^jt_jfZjef
XjrYjPf
jmXjlf
pSVWj%ZjS^jYXjTf
XjEYjMf
ZjoXjff
Xja[jrf
Xje_jnf
ji^jlZjgf
Yj\XjD_jtf
_jmXj.f
SVWjSXjof
Xjr[je^j\ZjWf
XjiYjn_jCf
YjUXjAf
DSVWj%Xjsf
Xje[jr_jaf
Xj ^jMZjiYjlf
WVh`sA
0SVWj%Xjs[j\Zj._jpYju^jrf
YjeXjaf
4SVWj%Xjsf
Xj\^jPf
Xjo_jcZjmf
XjaYji[jlf
SVWjSXjOf
XjE[j\Yjf_jl^jaf
XjkZjaf
jmZVXjp^j.f
^juYjhf
YjaXjpf
YjaXjpf
js[jmXjaYj.f
YjtZjp^jaf
[jmXjaf
ZjpXjhf
ju^jhXjef
^jpXjof
VjaXjdf
PSVWj%Xjsf
Xj\[jTf
Xju^jlYjyf
XjaZji_jDf
SVWj%Xjsf
Xj\Yjyf
Xj2ZjPf
YjOXj3f
Xj.[jx^jm_jlf
j\XjSf
Yj%Xjsf
j\XjyZjMf
XjiYj\f
VShLwA
VShhwA
7PSh|wA
umj1Xf
u.hpiA
<0u8Wh
t]VWh0
Vj*Xj.f
SVWj*Xj.f
XjnYjff
Xjs[j\_jNf
Xjo^jtZjef
YjFXjlf
HSVWj%Xjsf
XjoYjnf
Xje[jpf
Xjt_jwf
XjlZjd^j\f
YjoXjzf
j8Xj.f
SVWj*Xj.Zjpf
XjgYj%f
Zj\Xjtf
Xjc[jk_je^j\f
j%Xjsf
TSVWj%Xjs^j\[jMf
XjiZjcYjrf
XjS_jkf
j*Xj.f
8VWj%Xjs_j\^jTf
XjoZj-f
XjDYj f
YjLXjif
j%XjsYj\f
 j*Xj.f
XjsYj\f
$SVWj*[j._jk^jdZjbYjxXf
(j%Xjsf
Xj ZjRf
XjoYjbf
,VWj*Xj.f
Xjb_jMf
Xji^jkYjrf
XjoZjtf
@SVWjSXjof
Xjt^jwf
Xjr[je_jFf
XjlZj YjTf
8VWjPXja^jsYjwf
XjrZjdf
jSXjof
SjcXj:f
jSXjoZjf
Xjr[jef
XjB_j Yjaf
XjiYjnf
Xjs[j\f
ZjtXjaf
YjeXjAf
VjPXjof
XjrYjSf
Sj%XjsYj\f
u@h(mA
uLh(mA
j.Xjzf
(Vj*Xj.f
XjmZjsYjc^jwf
WWh_*y
QQSVWh
tqNt*Nt
PWh\QA
jOXjLf
Xj3[j2_j.ZjdYjl^f
PPhM8g
t:WPVh
$@0123456789ABCDEF
UNIQUE
SQLite format 3
DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW
http://
https://
MachineGuid
SOFTWARE\Microsoft\Cryptography
LdrGetProcedureAddress
RtlNtStatusToDosError
RtlSetLastWin32Error
ZwQueryInformationProcess
RtlCreateUserThread
ZwAllocateVirtualMemory
NtFreeVirtualMemory
NtWriteVirtualMemory
ZwReadVirtualMemory
ZwResumeThread
last_compatible_version
password_value
username_value
origin_url
logins
VaultEnumerateItems
VaultEnumerateVaults
VaultFree
VaultGetItem
VaultOpenVault
VaultCloseVault
SELECT encryptedUsername, encryptedPassword, formSubmitURL, hostname FROM moz_logins
hostname
encryptedUsername
encryptedPassword
NSS_Init
NSS_Shutdown
PK11_GetInternalKeySlot
PK11_FreeSlot
PK11_Authenticate
PK11SDR_Decrypt
PK11_CheckUserPassword
SECITEM_FreeItem
sqlite3_finalize
sqlite3_step
sqlite3_close
sqlite3_column_text
sqlite3_open16
sqlite3_prepare_v2
sqlite3_prepare
ffffff
CloseHandle
CreateFileW
WriteFile
ExitProcess
CryptStringToBinaryA
StrStrA
GetProcAddress
LoadLibraryW
X!2$6*9(SKiasb+!v<.qF58_qwe~QsRTYvdeTYb
string
Server
settings
server
username
protocol
LsaICryptUnprotectData
UserName
Password
MAC=%02X%02X%02XINSTALL=%08X%08Xk
Fuckav.ru
aPLib v1.01  -  the smaller the better :)
Copyright (c) 1998-2009 by Joergen Ibsen, All Rights Reserved.
More information: http://www.ibsensoftware.com/
Qkkbal
getaddrinfo
freeaddrinfo
WS2_32.dll
GetLastError
SetLastError
HeapAlloc
HeapFree
GetProcessHeap
KERNEL32.dll
CoInitialize
CoUninitialize
CoCreateInstance
ole32.dll
OLEAUT32.dll
!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
VB5!6&*
wininet
InternetCloseHandle
kernel32
WideCharToMultiByte
MSVBVM60
PutMem8
PutMem4
LocalFree
LocalAlloc
advapi32
CredFree
InternetOpenUrlA
oleaut32
SysAllocString
GetVersionExA
user32
SendMessageA
FindWindowA
PostMessageA
GetWindow
FindWindowExA
InternetOpenA
crypt32
CryptUnprotectData
CredEnumerateW
GetMem1
NetApiBufferFree
LoadLibraryA
CallWindowProcA
GetProcAddress
RtlMoveMemory
NtCurrentTeb
LsaClose
GetLengthSid
LookupAccountNameA
ConvertSidToStringSidA
LsaRetrievePrivateData
LsaOpenPolicy
netapi32
RegOpenKeyExA
RegCloseKey
RegEnumKeyA
RegQueryValueExA
GetPrivateProfileStringA
VBA6.DLL
D8UL!=
C:\Windows\SysWOW64\msvbvm60.dll\3
CallAPI
strLib
strMod
Params
szProcessName
lpBuffer
XYYYYH
ffffff
MSVBVM60.DLL
MethCallEngine
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ProcCallEngine
frrn8--icdrwj_bmp,vwx-glbcv,nfn
!This program cannot be run in DOS mode.
(np]J	
s@J>@P
`_Y@d@.
y\DE4=
F!GtH@
^,AXD(
7LsY~9G
a>;>3i
`?	7&6
TDtjIP
n0/B@p
Uil0VI
4I\;H>
'7	ov|
RP6}$9u
A^O!X4
3P@*A0
^]3*|<
wB`R:-
vD(`#<,bI
8`[H>*|
za6ZH0v
FJFFFF
nc#f7_
N=vYA=
:49;|f
lTq)<c
h8AfH$
l:YFj?V!Y
|R^W?['
CBZYw.03L
t()r)M
0\V.%n
^0W~.S
j 9M[j
ZV.`_P^C
ShlYH_<
P"~{V+
A~sB^s
9X0~Rh
Hrzb;QFou
\01234
V`8<:@NDE
BCXYZ[\
Z!|p~'
'wjiXNU
<bafjf
I,pX!K3
);;X0}
t0j@_+
rL:PS"
6LM*:NA
\.D<TH\
LXPGh\
X5<O3o;
|luzWh
<VNh@!4=h<
PC0,h`
LNp	^u
	Va[&-L
H4QHDi
6ts:@P
F/9lr/
~d&2p9
4Pt,TkT
8Fh0>+Y
YAQ(H+
NFVZP><
:$V4KM
`4p%qn8
Bt9HHt.
h`QG!e^jIL
i"=1t)(-XZ=8nn_ED
7l'HuE
SO)x\m
=^.~!P
`pc(G_#
Ma4,@@V
wKt&=M
:|qo@KJ
*`Ex0t
qWVRPw 
`\	mz)= 
upx.qSs
GFr6QP
J$q3v	
AP^u	4
ti;>(i
5|s&@g
&P,0p(
Pn:za,
G}xCCS
0[Q]`A
P&O=ouX
t5sLT`@
f2C$ll4
DS VqL
-,#KlR
|s$t@;t|L(
G@W#'f
3v}VQRM
n*0C;P|
O&uJ&9!
bf9Nv<c@ Y|
X@Z-j8
=vu7`b
4a80y<\
m@QA}R
s35&O*
!/X!}qj0
u"2kmi
x~i1K3
2]f(Xg
~'8^	t
;N t#1
itc	^`
LN~$j(
`=j,C0R
D=\pC1W
HfGs7u
+PE	a,
7'qp	FF \e
nfYz@W
vc^]UU
'S}89`
owRNm;
d|P ;T
!4Pn).
jxPLqR
&L0T,0
 LEZ<lt0
s$'{<X
aO~b[Wq2B
(`p((pb
!VD	Z/
UB+,5 ^
x>/E)VX
?UD3(A8
3h]*QD
Dx30V$
S_QxQd
V#CBE<
a~p!xU
vHX0ML
&<2^S5\)
QH;zAg
Ys LtY \8
+,90N,
I`<v.f
6j(D$P
va@}4>
#L$XPQ
VI&X$F
ViB/ tt*
A$$'HNuu
44*8(`<
++D$2v#
txAj@	
H9N{x?G
H=:F n
I.8n\fS
@e|FPd@?lk
t9&d"PC
$aSa~4#
?PZ+$Pv|
)7z2m4
fx/34-(
_Y8H>C
03 uD>
0Rt:Hd
*4A?C[
Kt9Jt-
	pa.b>
:@H:Bf
m4H1_By0
`n"&:t
,?3TC8
h$4%7q@
aA^ux!
aM+I{4
hJkB@h
ul:xHJ
*F,JqyF
l4V*8z
Rx<A,x
$x@8.z
9p4Mii8t
 !""##$%
'(()*+,--./0012345667789:;<
CDEFFG/
HIJKfLMNOPQRfST6XYZfD
[f\]^_`afbcdf
>@6t<R7
	F(	V,p
DOsi..P,GH"
w38@EG8
"!6?(zs
2?.YV@0
NDvZnk
BjP-|!
Bz@h,t\
JLKQxn
h4&U]JD
xTz@b}
"$=1(=/!=
3-(t<t
|* "`R
~jFh`h	
(qBB.,2
@u	Vw8
8,UQrVz`H
J:8	H?
BPxdPV
lH(%(,6^
y8mp_HV9
Ec(GStS
Y	LDDHf;A
|LVybS
Vg78>	8
h}b,N*
PT~SNu
J~JJPU
Z R`g`-
`D}-hl
WPY-oXE
4&5[H&
$uv&:UN
xvuVu>7
f?R{R0P
"6[*ai
r{@tTFH
5TVVSc
u	,W$h6)
(xEV'p
u!Nuz+
VUt	Z}z
;t(.Hx%
30'{jKW
:_vKd|?
UJ/l>h
jIcct 
|nJ[iW
"D4GDIi
9p ~NB0
f>nPSM
(Jej'%
A;OP~GRp
N'S(>r
|<]7G[c
 6n0#6
ZS,@q2
|!pV8c
bPRVP<X
YH,i|z_
S%wF	8
dy@#4:
<g)TC0
WAn<`(
4 ,($0
c4bT8H
z&T"h4
VYLP,,7
hl<tJ`*
V#C%Y&]u
-_~A'0T+
lq)\x1$l
Jod`BC=
bAB\[]
hl[8FS
9	XZu&
(|P1^>
3h9@8J
0L#p6L
!!}5l@
1Vn\C1TLM
DGNR4KW
XWw8SQ
fbGcUF%
eSSESU
`zN8xP#
/3uo..
*H"SZDA
q;wL~"h
S"%!@8
cDRKFP
dZSRWo
0>J_Hx
2WhhO~
o-e-hZ_
^Ti`Ki
,0x^T`
s V~gE
qDGfLdN
Pj@T.@
jdX>FHv
{MRulRDP
qkd(+,
M4yKx?X>]@t
,`Ect<V
b<y,<8 
bi"+$9aD
iR0S},
$/C{vA
"wa?Ir
?8 4hX&
u,$9(,
koJMIx
``b+bY
H@hxwO
	|4< t0
L"SW{H
=<$jQ:
-9tt(L
	4pjH+FCY]
#E]k0	\d
D(Bl=n
Y3Jtr=<
&Tu6vIj
qad<0p
MJt~O4
PWn.Z0
2@t"RO
XMRp;X
*YX4Y6
u:6K$#NT
YT&a,b|
?A9~PfT
	} 	E$
t#HU08o
3lzgZ4
Lg .`/
BhB~b~
@D)0/i
H@g#G}r	0!4
=Pg'}4Yt
jxw>qx8m
V1h<Ib
<AOfj}
,-I./01
+2+34+567
=4Z[\t?
Mbaaefghijkl
rstuuvw
yz{|}~
MauX=`b
Fv0LaH
.[ZCXB
\.|xtp.
HDjph`
OumLB#
nWD7acom.apple.Sa
fari'.WebKit2
Proceso
SELECT ojgin_
url, actio
username_e
nt#value
*.^CGs
s7a3F&lui
","LE N
redReadA
P`bnra
tNyptUnpr
oLctDXa'
BZ?-vwxyz[4b
yx`L<$
qG-x060_d
2TXZ@{q
v format 3
htfullinn
onoff.
EATE TZL
W7*masL(
  type 
rootpag
3A?/,.-
Fmw2jp
REINDEXE
CAPEACHECKEYBEFO4GN
LAINSTDDA
L2XCEPT
TION^U
I7LUSI{
<OFF>HMV
NIQUFY
GROUPEfG
OTNULLI
g*f]CD^
GLOBYIF:
CUUMEW
DY?HerF7
nDLm:.P.Z(
)Q+e4"n-.1
uFo,w_1#
;py=>/q
<$Hq4o
&))**,,//112244
8;;=^>@@C
IJJOQQ"
_4TTWWXX[[]]^^aD"
ddgghhkkmmnnppss*
vyyzz||
O'Ewe_
OO^v{og'g
"iC_m#
?id, host
xSubmitURL;Fi
 > moz_/
'*KmVg
GlGF3m
0bR7_^n_
GpGg5u
o"+R_l?
>t4lKeySlot/
OCheck
icBWSDR_De
ToolZlp32S
.odule&Fi
l7sOFilExR
ouwC;Km
o*pm]:
ot aXabh
nNbin5c>umn 
f range
suppDt
hzgxf"8
ock g @
vDoiunY
epp6bks
cuBve_r.g
VgLy>i
_useds<r
 REALINT
NUMTEXT_
}*i4o?
:%MSOd
gTHDSAFE=w
TRACEyDB
CL_VA#
l'QUICKBA
LO,_md
)f223372036
Zawn0&<Y`
`{7qs_
g0x%x (Dn{
'%!.15g
>mj%08^
Jd[X]:b
z`f/m'^ch_
V^zde;
%V/u&m
tweL1\*
{"%w"G
y%yU_0||
sa=jof
,	.lQu
7%yN>c
4 nf&w
likegB
a_S%7b&
oo0-!B
_%p_oO
_db;?/
:e4)  
`KvQ;'A*
\9wBxB	f
DognCkp
mp2011-
 17:03:50 Z759d5a9
b3bba5fd
48f243d
7be2,3fe8cH7Q0
V@?vS4
yst?EF
:GVzZ\
cKP(mk
e*{pnl
\VS*05\x	
mK{/;/
Gw>F?p
m.aywy6
lSvwp,M
]`h`M&
6{Op QiTyp
i*t8BB#
??3@YAXP
hsr3"8
tKl2FID
og)S;&
`$LF[BoV
EZ	!mz
pupmdu
XPTPSW
KERNEL32.DLL
ADVAPI32.dll
COMCTL32.dll
comdlg32.dll
GDI32.dll
msvcrt.dll
ole32.dll
SHELL32.dll
USER32.dll
VERSION.dll
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
RegCloseKey
FindTextW
SetBkMode
CoInitialize
SHGetMalloc
VerQueryValueW
!This program cannot be run in DOS mode.
D Hu,[
}WxyX"
0<	nFnF
w0F;g(
Vbc."^R&P
sM".vt
~ttyyy
SSWb^=
Chk{)"|
 H$T(d<p#G
x5p~~^h
'~~~~L
' <$H(
',d`dh
]4 @S%
HhDu!'
G-T;6*t
HFdh2O>
hALFca$3
nvx1V+
"UaXwhx"V
;p90\Y
^s0 dM
6d 48~;
c`a[HN
OP0|oj Y;
dqh\!*a0
D.slE9
MvGGF#
KAl-ZY	
]s5]:OYt<
neNUtf
A$U~f~
)x"bUY
?%gY.`
qnUtN 6
T=`j:k
>HP]Ki
u@T.fS
b%8	.Y
P8XY|&
E6`oWp
@tHB(I
s73+zr
c+%ASV
[8-tSQ/ 
Aj?h`)
=L%v(&
Ja/Vd0
6whIw[6
VP"R|j
Dk$d<,2
Km	EoH
!h6j#B;
 zLV8OY
6`HY&N
(&)?|L
Cxryx	
$xs/aYB
h(A$J8"D
DZCAEj
;3,7]$
$?(N,-.
f@ABCD
oth~';^
`vl"~-5
X|q_t}Q
Y%V:(>
$;)@$#z
9dyJ\*
	akr9;
?t0j@_+
0d+)@V
kR7[K<r4
zvPOZ$@
6;HEMh
98t?" 
-sQ/pM
zF \b2`
jJ0/M@
v![KWW
~!gp:;,
uf{8vW
$j@C	,^4
=TA29yr
6} 6Xbg
|n7G4V
'mS9z	
\*q.4]X
nl@	tI
.X2XW%
z%p)Q%
Tp25Ap<j
|'HuC 
A;	~"^h
E4cvH|
0M!	4p
< w1;]
,hgi{+
7Gu$t0
S(TC<h
uMiGLZ
cL. "E
6dE0R'
:dhHE4fS
-svFiW
1&X|' 
A"%&j	,0
'-tI-t
XT$Am-
W;gj'.
%=cy$p
dld{YH
PddddLHD@dddd<($ dddd
l47^m>
{vmt#x
MS Sans
ail PassV]
iewIY5
Moz0la\Prof
Ocurrent
\Qual~s
comm\EudorDC
sqlite3.
%YShowG
AddExpgtHea
POP3  
Us- N|e
,ao?#C
S<[/6d
6NHOic
Outlook
^edi{\H
Y[\n3y#BDKx
aACu)jg
gAiAl@XH
ubsyoemV
p-equiv='
`_pe' 
'ml;ch
'>?=bM 
moAl">
'm://w
O/" tXg"
"4</a>/?<pk
imapsmt^.
r_5mC<@v
+TxEnu
UnkhwY
sktcglboxf,
ISO-8859--{
/'	SCLiX
`|7cfg
FeKoSo
h'ruGXN
?lCJgmn
SELECT y, 
5Wkhm4m
 FROM 
v.NET'h@
kMSN(a
EAX=$ 
EB	CDv
a<Z{!E
->SDR_
STATIC;
100-9138-/d1	45a-
c04fc308f
O220D5t
CD853A	4BCOC
FD43F8F'1
\C417E2D75
gquo	8
<!DOYP
 "-6W3C
).  d;^
CxE?EE
aaaa99
 aaecd
diieth
no/oo-
2uuu/t
SMKr!]
__?)[X5
{o3c(w
+	K_K6{o
|o6w'o
3@+$lI
]CcW9	a
DEY7WF
VMNXx7
+';IPA
X36aqF
)wcEha
GTQOfl	
OgKa:M
m1t;ipMbo
QawWRt
\76/ON
+,a/wu
HDso1c
TypSmYkDX
deChF$k
Libra'9
SOPo''
bHsDK1B
9/_mb9b
{D$npr
??3@YAXP
Kg87iX
)am+-z
ys*q1h;
Ib1a6lmk
Xk!{-"3;
.!RSS$
	o	aTP
uAc4mo`
XPTPSW
wwwwwwwwwwwwwwp
""""" 
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="NirSoft" type="win32"></assemblyIdentity><description>NirSoft</description><dependency><dependentAssembly><assemblyIdentity type="Win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency></assembly>PAD
KERNEL32.DLL
ADVAPI32.dll
COMCTL32.dll
comdlg32.dll
GDI32.dll
msvcrt.dll
ole32.dll
RPCRT4.dll
SHELL32.dll
USER32.dll
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
RegCloseKey
FindTextA
SetBkMode
CoInitialize
UuidFromStringA
SHGetMalloc
Akj@kj
P\|7aL
'@4jwu8
2Ej;ej
[X}=Xc
1)N?J!
<	g c 
3{GjnFp
gM]c'\
3s&<3g
YI	He%
	0fj=@
SX3w.Zw
!(*~P=
\i,n(=