Analysis Date2014-11-21 00:05:27
MD5c8be748f62a77dd4413b1c4d964c1abf
SHA10651db5fcde141f6730a61fcd9359cbc62c15679

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 841e2e858556d4a3421b63de4bb66d96 sha1: 4f45e0ac57521e10989eb8203b114d8a225bdbe9 size: 1024
Section.rdata md5: 3b7e67fb1ccbaf9bb4216814816e91ba sha1: a504a5735b53f6fc5724d26ba09482a9b5a539e1 size: 1024
Section.data md5: 8589a20c5b7c3de3ece563f3962530f5 sha1: a560db31a64b2cb913c2f420f09dd8019f05ca82 size: 1024
Section.rsrc md5: 4ccd3a2881d07e02cb3f3ea20fa8424c sha1: 346f506f844b9ae86114bbf9b9620d402c0f53e0 size: 42496
Timestamp2014-06-30 05:04:30
VersionLegalCopyright: Copyright (C) 2009
InternalName: genius
FileVersion: 8,2,3,23
ProductName: genius Application
ProductVersion: 2,3,3,22
FileDescription: genius Application
OriginalFilename: genius.exe
PEhashc7d051cb67aa79021e1fdf22e08021326cd976b7
IMPhashf0855f86d5b3050322afa714b88b2ec1
AV360 SafeGen:Variant.Graftor.144167
AVAd-AwareGen:Variant.Graftor.144167
AVAlwil (avast)Dropper-gen [Drp]
AVArcabit (arcavir)no_virus
AVAuthentiumW32/Trojan.FFXD-0970
AVAvira (antivir)TR/Dropper.Gen
AVBullGuardGen:Variant.Graftor.144167
AVCA (E-Trust Ino)no_virus
AVCAT (quickheal)no_virus
AVClamAVno_virus
AVDr. WebTrojan.MulDrop3.14959
AVEmsisoftGen:Variant.Graftor.144167
AVEset (nod32)Win32/Kryptik.CFVL
AVFortinetW32/CUTWAIL.BG!tr
AVFrisk (f-prot)no_virus
AVF-SecureGen:Variant.Graftor.144167
AVGrisoft (avg)Agent
AVIkarusTrojan.Win32.Cutwail
AVK7Riskware ( 0040eff71 )
AVKasperskyTrojan.Win32.Cutwail.dpb
AVMalwareBytesTrojan.Agent.US
AVMcafeeDownloader-FAKU!C8BE748F62A7
AVMicrosoft Security EssentialsTrojanDownloader:Win32/Cutwail.BS
AVMicroWorld (escan)Gen:Variant.Graftor.144167
AVNormanGen:Variant.Graftor.144167
AVRisingno_virus
AVSophosTroj/Cutwail-BG
AVSymantecTrojan.Gen
AVTrend Microno_virus
AVVirusBlokAda (vba32)Trojan.Cutwail

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

RegistryHKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\neggegwamrim ➝
C:\Documents and Settings\Administrator\neggegwamrim.exe
RegistryHKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝
NULL
RegistryHKEY_CURRENT_USER\software\microsoft\windows\currentversion\AppManagement ➝
NULL
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\public3.sta.net[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\allamericanprintinginc[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\casamolina[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\wex-americas[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\buergerzentrum-engelshof[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\fhgc[1].htm
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-500\a18ca4003deb042bbee7a40f15e1970b_666939c9-243b-475e-9504-51724db22670
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\tractusservices.co[1].htm
Creates FileC:\Documents and Settings\Administrator\Cookies\index.dat
Creates FilePIPE\lsarpc
Creates File\Device\Afd\Endpoint
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\americangeriatrics[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\autobus.qc[1].htm
Creates FileC:\Documents and Settings\Administrator\neggegwamrim.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\yorkmfg[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\nytc[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\rubbernail[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\public3.sta.net[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\allamericanprintinginc[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\yorkmfg[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\wex-americas[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\buergerzentrum-engelshof[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\nytc[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\tractusservices.co[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\rubbernail[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\americangeriatrics[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\autobus.qc[1].htm
Creates Mutexc:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutexneggegwamrim
Creates MutexWininetConnectionMutex
Creates Mutexc:!documents and settings!administrator!cookies!
Creates Mutexc:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock DNSamericangeriatrics.org
Winsock DNSpublic3.sta.net.cn
Winsock DNScasamolina.com
Winsock DNSteamco.com.tw
Winsock DNSfhgc.com
Winsock DNScccfcpa.com
Winsock DNSbuergerzentrum-engelshof.de
Winsock DNSemailsherri.com
Winsock DNSallamericanprintinginc.com
Winsock DNShigienika.pl
Winsock DNSnytc.org
Winsock DNSstpaulschambers.com
Winsock DNSwex-americas.com
Winsock DNSautobus.qc.ca
Winsock DNSrubbernail.com
Winsock DNSyorkmfg.com
Winsock DNSsormpack.com
Winsock DNStractusservices.co.uk
Winsock DNSravanagym.com
Winsock DNSsterlingfoundations.com

Network Details:

DNSsmtp.glbdns2.microsoft.com
Type: A
65.55.176.126
DNSsmtp.mail.us.am0.yahoodns.net
Type: A
98.139.211.125
DNSsmtp.mail.us.am0.yahoodns.net
Type: A
63.250.193.228
DNSsmtp.mail.us.am0.yahoodns.net
Type: A
98.138.105.21
DNSamericangeriatrics.org
Type: A
198.154.232.208
DNStractusservices.co.uk
Type: A
212.113.134.236
DNSautobus.qc.ca
Type: A
68.71.48.249
DNSpublic3.sta.net.cn
Type: A
218.1.66.90
DNSyorkmfg.com
Type: A
198.57.191.114
DNSnytc.org
Type: A
209.41.164.216
DNSsmtp.live.com
Type: A
DNSsmtp.mail.yahoo.com
Type: A
DNSbuergerzentrum-engelshof.de
Type: A
HTTP POSThttp://americangeriatrics.org/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://tractusservices.co.uk/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://autobus.qc.ca/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://public3.sta.net.cn/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://yorkmfg.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP POSThttp://nytc.org/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Flows TCP192.168.1.1:1031 ➝ 65.55.176.126:25
Flows TCP192.168.1.1:1032 ➝ 98.139.211.125:25
Flows TCP192.168.1.1:1042 ➝ 198.154.232.208:80
Flows TCP192.168.1.1:1052 ➝ 212.113.134.236:80
Flows TCP192.168.1.1:1053 ➝ 68.71.48.249:80
Flows TCP192.168.1.1:1054 ➝ 218.1.66.90:80
Flows TCP192.168.1.1:1055 ➝ 198.57.191.114:80
Flows TCP192.168.1.1:1056 ➝ 209.41.164.216:80

Raw Pcap
0x00000000 (00000)   504f5354 202f2048 5454502f 312e310d   POST / HTTP/1.1.
0x00000010 (00016)   0a416363 6570743a 202a2f2a 0d0a4163   .Accept: */*..Ac
0x00000020 (00032)   63657074 2d4c616e 67756167 653a2065   cept-Language: e
0x00000030 (00048)   6e2d7573 0d0a436f 6e74656e 742d5479   n-us..Content-Ty
0x00000040 (00064)   70653a20 6170706c 69636174 696f6e2f   pe: application/
0x00000050 (00080)   6f637465 742d7374 7265616d 0d0a436f   octet-stream..Co
0x00000060 (00096)   6e74656e 742d4c65 6e677468 3a203532   ntent-Length: 52
0x00000070 (00112)   340d0a55 7365722d 4167656e 743a204d   4..User-Agent: M
0x00000080 (00128)   6f7a696c 6c612f34 2e302028 636f6d70   ozilla/4.0 (comp
0x00000090 (00144)   61746962 6c653b20 4d534945 20362e30   atible; MSIE 6.0
0x000000a0 (00160)   3b205769 6e646f77 73204e54 20352e31   ; Windows NT 5.1
0x000000b0 (00176)   3b205356 31290d0a 486f7374 3a20616d   ; SV1)..Host: am
0x000000c0 (00192)   65726963 616e6765 72696174 72696373   ericangeriatrics
0x000000d0 (00208)   2e6f7267 0d0a436f 6e6e6563 74696f6e   .org..Connection
0x000000e0 (00224)   3a204b65 65702d41 6c697665 0d0a4361   : Keep-Alive..Ca
0x000000f0 (00240)   6368652d 436f6e74 726f6c3a 206e6f2d   che-Control: no-
0x00000100 (00256)   63616368 650d0a0d 0a487872 4a34356a   cache....HxrJ45j
0x00000110 (00272)   557a4266 77327431 706d3039 69305973   UzBfw2t1pm09i0Ys
0x00000120 (00288)   6a4c384e 6779366f 7a544547 717a5270   jL8Ngy6ozTEGqzRp
0x00000130 (00304)   5a626e4d 6f717235 4a33524e 64534770   ZbnMoqr5J3RNdSGp
0x00000140 (00320)   4e53435a 4a6a3861 770d0a6b 7578306a   NSCZJj8aw..kux0j
0x00000150 (00336)   7033432b 5044754d 2f367654 44477641   p3C+PDuM/6vTDGvA
0x00000160 (00352)   50353939 34306434 34776666 6844626c   P59940d44wffhDbl
0x00000170 (00368)   41743437 784b6c48 316d3361 64363848   At47xKlH1m3ad68H
0x00000180 (00384)   46785a4a 31687163 5670360d 0a2b512f   FxZJ1hqcVp6..+Q/
0x00000190 (00400)   64666e2f 70335672 3738675a 6c465238   dfn/p3Vr78gZlFR8
0x000001a0 (00416)   36326252 706c6754 58334145 4d544843   62bRplgTX3AEMTHC
0x000001b0 (00432)   34726438 53366863 46345950 6d694d63   4rd8S6hcF4YPmiMc
0x000001c0 (00448)   50717136 2f444249 30544b78 330d0a70   Pqq6/DBI0TKx3..p
0x000001d0 (00464)   54506c46 34743470 34645130 5146426b   TPlF4t4p4dQ0QFBk
0x000001e0 (00480)   49672f61 7a644543 6a384330 5a567a4d   Ig/azdECj8C0ZVzM
0x000001f0 (00496)   59717144 78315a48 676a586b 45524431   YqqDx1ZHgjXkERD1
0x00000200 (00512)   45536c6f 69302b6b 77747368 6446480d   ESloi0+kwtshdFH.
0x00000210 (00528)   0a454a49 77506451 2b395438 5357576d   .EJIwPdQ+9T8SWWm
0x00000220 (00544)   7849797a 33776769 6e753850 2f584574   xIyz3wginu8P/XEt
0x00000230 (00560)   77397a37 48755831 73315a74 4a2f6951   w9z7HuX1s1ZtJ/iQ
0x00000240 (00576)   32667157 37676d54 54573465 4d5a6a79   2fqW7gmTTW4eMZjy
0x00000250 (00592)   430d0a69 576c4c4a 466a4746 4d744c6c   C..iWlLJFjGFMtLl
0x00000260 (00608)   39553131 66344952 3947394e 50337772   9U11f4IR9G9NP3wr
0x00000270 (00624)   4d785143 74537934 6776386f 4c434f67   MxQCtSy4gv8oLCOg
0x00000280 (00640)   54304137 52696769 6d446e4b 416a5664   T0A7RigimDnKAjVd
0x00000290 (00656)   4549470d 0a49656d 6e327635 73707a70   EIG..Iemn2v5spzp
0x000002a0 (00672)   31667245 6471304a 36534643 68554e44   1frEdq0J6SFChUND
0x000002b0 (00688)   6d456163 4b714734 32414c74 48564875   mEacKqG42ALtHVHu
0x000002c0 (00704)   49587964 53425636 62625651 534e6154   IXydSBV6bbVQSNaT
0x000002d0 (00720)   64315647 2f0d0a46 65654f56 636c7167   d1VG/..FeeOVclqg
0x000002e0 (00736)   72693334 61797077 32424932 33626450   ri34aypw2BI23bdP
0x000002f0 (00752)   48486754 764f4f2b 536d3949 7a4a3645   HHgTvOO+Sm9IzJ6E
0x00000300 (00768)   58594a42 2b345379 6f644436 64326e39   XYJB+4SyodD6d2n9
0x00000310 (00784)   773d3d0d 0a                           w==..

0x00000000 (00000)   504f5354 202f2048 5454502f 312e310d   POST / HTTP/1.1.
0x00000010 (00016)   0a416363 6570743a 202a2f2a 0d0a4163   .Accept: */*..Ac
0x00000020 (00032)   63657074 2d4c616e 67756167 653a2065   cept-Language: e
0x00000030 (00048)   6e2d7573 0d0a436f 6e74656e 742d5479   n-us..Content-Ty
0x00000040 (00064)   70653a20 6170706c 69636174 696f6e2f   pe: application/
0x00000050 (00080)   6f637465 742d7374 7265616d 0d0a436f   octet-stream..Co
0x00000060 (00096)   6e74656e 742d4c65 6e677468 3a203630   ntent-Length: 60
0x00000070 (00112)   340d0a55 7365722d 4167656e 743a204d   4..User-Agent: M
0x00000080 (00128)   6f7a696c 6c612f34 2e302028 636f6d70   ozilla/4.0 (comp
0x00000090 (00144)   61746962 6c653b20 4d534945 20362e30   atible; MSIE 6.0
0x000000a0 (00160)   3b205769 6e646f77 73204e54 20352e31   ; Windows NT 5.1
0x000000b0 (00176)   3b205356 31290d0a 486f7374 3a207472   ; SV1)..Host: tr
0x000000c0 (00192)   61637475 73736572 76696365 732e636f   actusservices.co
0x000000d0 (00208)   2e756b0d 0a436f6e 6e656374 696f6e3a   .uk..Connection:
0x000000e0 (00224)   204b6565 702d416c 6976650d 0a436163    Keep-Alive..Cac
0x000000f0 (00240)   68652d43 6f6e7472 6f6c3a20 6e6f2d63   he-Control: no-c
0x00000100 (00256)   61636865 0d0a0d0a 59625277 534e3147   ache....YbRwSN1G
0x00000110 (00272)   6852634d 59356f71 464a6f45 64425a66   hRcMY5oqFJoEdBZf
0x00000120 (00288)   47772b4c 76796a2f 59555863 6733694a   Gw+Lvyj/YUXcg3iJ
0x00000130 (00304)   5134706f 636a4730 4b6b454a 4d4d5646   Q4pocjG0KkEJMMVF
0x00000140 (00320)   7377384a 336e5475 0d0a5441 58523164   sw8J3nTu..TAXR1d
0x00000150 (00336)   646b5755 7a687035 38543757 54384b51   dkWUzhp58T7WT8KQ
0x00000160 (00352)   2f447275 4e494e67 47665169 75717557   /DruNINgGfQiuquW
0x00000170 (00368)   4c764254 595a6145 30644135 5a6c3969   LvBTYZaE0dA5Zl9i
0x00000180 (00384)   7a767059 4e676c76 53570d0a 41633641   zvpYNglvSW..Ac6A
0x00000190 (00400)   4c6c7132 2b714677 4a2b7659 5837374e   Llq2+qFwJ+vYX77N
0x000001a0 (00416)   74486d6e 5774342f 752f6857 5a39556d   tHmnWt4/u/hWZ9Um
0x000001b0 (00432)   4a6c6162 58587934 5247774b 4f65334d   JlabXXy4RGwKOe3M
0x000001c0 (00448)   51373458 6a4f616d 6656654f 0d0a3742   Q74XjOamfVeO..7B
0x000001d0 (00464)   4743664d 33436142 55564d68 77456e31   GCfM3CaBUVMhwEn1
0x000001e0 (00480)   2b666e50 2f436b36 494c456c 72465546   +fnP/Ck6ILElrFUF
0x000001f0 (00496)   57722f51 5830506f 645a4e59 616a656f   Wr/QX0PodZNYajeo
0x00000200 (00512)   52395778 56586463 46706435 474f0d0a   R9WxVXdcFpd5GO..
0x00000210 (00528)   636e792f 6b653777 46502f55 324a3459   cny/ke7wFP/U2J4Y
0x00000220 (00544)   4e70362f 566c4f77 6b6c4554 58414e6e   Np6/VlOwklETXANn
0x00000230 (00560)   4a443844 4f50776e 39793230 33383446   JD8DOPwn9y20384F
0x00000240 (00576)   546d4c63 7054684e 575a7245 33764261   TmLcpThNWZrE3vBa
0x00000250 (00592)   0d0a474a 67754d50 50523469 42763859   ..GJguMPPR4iBv8Y
0x00000260 (00608)   79526546 4d556635 646a4d4a 4368504c   yReFMUf5djMJChPL
0x00000270 (00624)   41686354 34713639 3130514a 5653674d   AhcT4q6910QJVSgM
0x00000280 (00640)   6c324f4f 6c49436e 78513665 74356857   l2OOlICnxQ6et5hW
0x00000290 (00656)   72680d0a 34314462 31657267 714b554d   rh..41Db1ergqKUM
0x000002a0 (00672)   337a7048 344a4a34 33417753 78576342   3zpH4JJ43AwSxWcB
0x000002b0 (00688)   6a733146 634b4745 36567632 4b324d48   js1FcKGE6Vv2K2MH
0x000002c0 (00704)   72704873 5436424e 667a6f4d 69623836   rpHsT6BNfzoMib86
0x000002d0 (00720)   55714654 0d0a3074 6b576333 4839776a   UqFT..0tkWc3H9wj
0x000002e0 (00736)   5243534b 746d7465 2f73576f 49513769   RCSKtmte/sWoIQ7i
0x000002f0 (00752)   5434467a 32636351 644e3071 7466464e   T4Fz2ccQdN0qtfFN
0x00000300 (00768)   54684d66 6b335966 4b445963 5a396963   ThMfk3YfKDYcZ9ic
0x00000310 (00784)   3866516a 654f0d0a 48347a42 59646f54   8fQjeO..H4zBYdoT
0x00000320 (00800)   44663733 43365631 736d586b 72437974   Df73C6V1smXkrCyt
0x00000330 (00816)   48614148 73485778 5a504665 626e5676   HaAHsHWxZPFebnVv
0x00000340 (00832)   37462f70 6e725631 696c3138 39456955   7F/pnrV1il189EiU
0x00000350 (00848)   35526d37 47734165 0d0a7356 74536269   5Rm7GsAe..sVtSbi
0x00000360 (00864)   516e0d0a                              Qn..

0x00000000 (00000)   504f5354 202f2048 5454502f 312e310d   POST / HTTP/1.1.
0x00000010 (00016)   0a416363 6570743a 202a2f2a 0d0a4163   .Accept: */*..Ac
0x00000020 (00032)   63657074 2d4c616e 67756167 653a2065   cept-Language: e
0x00000030 (00048)   6e2d7573 0d0a436f 6e74656e 742d5479   n-us..Content-Ty
0x00000040 (00064)   70653a20 6170706c 69636174 696f6e2f   pe: application/
0x00000050 (00080)   6f637465 742d7374 7265616d 0d0a436f   octet-stream..Co
0x00000060 (00096)   6e74656e 742d4c65 6e677468 3a203439   ntent-Length: 49
0x00000070 (00112)   320d0a55 7365722d 4167656e 743a204d   2..User-Agent: M
0x00000080 (00128)   6f7a696c 6c612f34 2e302028 636f6d70   ozilla/4.0 (comp
0x00000090 (00144)   61746962 6c653b20 4d534945 20362e30   atible; MSIE 6.0
0x000000a0 (00160)   3b205769 6e646f77 73204e54 20352e31   ; Windows NT 5.1
0x000000b0 (00176)   3b205356 31290d0a 486f7374 3a206175   ; SV1)..Host: au
0x000000c0 (00192)   746f6275 732e7163 2e63610d 0a436f6e   tobus.qc.ca..Con
0x000000d0 (00208)   6e656374 696f6e3a 204b6565 702d416c   nection: Keep-Al
0x000000e0 (00224)   6976650d 0a436163 68652d43 6f6e7472   ive..Cache-Contr
0x000000f0 (00240)   6f6c3a20 6e6f2d63 61636865 0d0a0d0a   ol: no-cache....
0x00000100 (00256)   5767676c 39533758 4b426955 4f53306e   Wggl9S7XKBiUOS0n
0x00000110 (00272)   4f545338 76354738 71687575 61426849   OTS8v5G8qhuuaBhI
0x00000120 (00288)   51684944 6839504d 46675959 4f5a5443   QhIDh9PMFgYYOZTC
0x00000130 (00304)   782b726d 544d6f59 372f534e 62682f4d   x+rmTMoY7/SNbh/M
0x00000140 (00320)   0d0a4778 434a424e 6547474c 61746430   ..GxCJBNeGGLatd0
0x00000150 (00336)   4b336f75 64356e34 6d757948 38455965   K3oud5n4muyH8EYe
0x00000160 (00352)   6a2b6e53 674c6e51 506c6f67 372b4b6e   j+nSgLnQPlog7+Kn
0x00000170 (00368)   70515135 73506872 70545938 48755632   pQQ5sPhrpTY8HuV2
0x00000180 (00384)   384b0d0a 7255655a 4f395861 4b4e6b38   8K..rUeZO9XaKNk8
0x00000190 (00400)   555a564f 304c5a2f 38306545 586b6457   UZVO0LZ/80eEXkdW
0x000001a0 (00416)   74594457 794a6742 506a6269 2b515462   tYDWyJgBPjbi+QTb
0x000001b0 (00432)   387a382f 56416941 7a364c58 5754654f   8z8/VAiAz6LXWTeO
0x000001c0 (00448)   69512b54 0d0a5378 756c3773 36513976   iQ+T..Sxul7s6Q9v
0x000001d0 (00464)   356e502f 2b446e4a 7a683539 7748455a   5nP/+DnJzh59wHEZ
0x000001e0 (00480)   69523363 35324267 31787a36 5676724c   iR3c52Bg1xz6VvrL
0x000001f0 (00496)   4158586f 4c7a7273 58633278 52394533   AXXoLzrsXc2xR9E3
0x00000200 (00512)   36534369 474c0d0a 366e5661 6d356876   6SCiGL..6nVam5hv
0x00000210 (00528)   4c527254 5841356b 78585061 4a6b6472   LRrTXA5kxXPaJkdr
0x00000220 (00544)   5747654a 37516956 51533834 4c61652f   WGeJ7QiVQS84Lae/
0x00000230 (00560)   4b36377a 506d464d 6a4f3639 52627845   K67zPmFMjO69RbxE
0x00000240 (00576)   42764742 74534758 0d0a5a4f 70746652   BvGBtSGX..ZOptfR
0x00000250 (00592)   39585666 7a6c6875 306a4d38 51766a64   9XVfzlhu0jM8Qvjd
0x00000260 (00608)   762b544e 4639384e 6854694c 675a3372   v+TNF98NhTiLgZ3r
0x00000270 (00624)   374c7244 564f5861 58617a4b 74782b32   7LrDVOXaXazKtx+2
0x00000280 (00640)   6f474562 6e6c4646 74710d0a 346b6d4b   oGEbnlFFtq..4kmK
0x00000290 (00656)   5a347046 576e6532 4d47752b 556f724f   Z4pFWne2MGu+UorO
0x000002a0 (00672)   45304944 67507431 2b706354 6c4e764b   E0IDgPt1+pcTlNvK
0x000002b0 (00688)   68736a52 57764578 456b6550 44734a39   hsjRWvExEkePDsJ9
0x000002c0 (00704)   7a466268 4c4a6852 46467742 0d0a4b34   zFbhLJhRFFwB..K4
0x000002d0 (00720)   56306e53 45564230 70684874 38394263   V0nSEVB0phHt89Bc
0x000002e0 (00736)   65644271 32725067 3d3d0d0a 33626450   edBq2rPg==..3bdP
0x000002f0 (00752)   48486754 764f4f2b 536d3949 7a4a3645   HHgTvOO+Sm9IzJ6E
0x00000300 (00768)   58594a42 2b345379 6f644436 64326e39   XYJB+4SyodD6d2n9
0x00000310 (00784)   773d3d0d 0a                           w==..

0x00000000 (00000)   504f5354 202f2048 5454502f 312e310d   POST / HTTP/1.1.
0x00000010 (00016)   0a416363 6570743a 202a2f2a 0d0a4163   .Accept: */*..Ac
0x00000020 (00032)   63657074 2d4c616e 67756167 653a2065   cept-Language: e
0x00000030 (00048)   6e2d7573 0d0a436f 6e74656e 742d5479   n-us..Content-Ty
0x00000040 (00064)   70653a20 6170706c 69636174 696f6e2f   pe: application/
0x00000050 (00080)   6f637465 742d7374 7265616d 0d0a436f   octet-stream..Co
0x00000060 (00096)   6e74656e 742d4c65 6e677468 3a203630   ntent-Length: 60
0x00000070 (00112)   340d0a55 7365722d 4167656e 743a204d   4..User-Agent: M
0x00000080 (00128)   6f7a696c 6c612f34 2e302028 636f6d70   ozilla/4.0 (comp
0x00000090 (00144)   61746962 6c653b20 4d534945 20362e30   atible; MSIE 6.0
0x000000a0 (00160)   3b205769 6e646f77 73204e54 20352e31   ; Windows NT 5.1
0x000000b0 (00176)   3b205356 31290d0a 486f7374 3a207075   ; SV1)..Host: pu
0x000000c0 (00192)   626c6963 332e7374 612e6e65 742e636e   blic3.sta.net.cn
0x000000d0 (00208)   0d0a436f 6e6e6563 74696f6e 3a204b65   ..Connection: Ke
0x000000e0 (00224)   65702d41 6c697665 0d0a4361 6368652d   ep-Alive..Cache-
0x000000f0 (00240)   436f6e74 726f6c3a 206e6f2d 63616368   Control: no-cach
0x00000100 (00256)   650d0a0d 0a53626c 367a4f58 6b466867   e....Sbl6zOXkFhg
0x00000110 (00272)   5838316e 6f6a4e45 6f373136 53787730   X81nojNEo716Sxw0
0x00000120 (00288)   7a536c36 4d36542b 344e5244 6764734a   zSl6M6T+4NRDgdsJ
0x00000130 (00304)   67537359 48717074 4f48386b 626b6970   gSsYHqptOH8kbkip
0x00000140 (00320)   4e35564d 530d0a7a 79593149 37767774   N5VMS..zyY1I7vwt
0x00000150 (00336)   30664c59 734c3569 37776350 4e617579   0fLYsL5i7wcPNauy
0x00000160 (00352)   3862514a 4e6e4872 77527642 73666861   8bQJNnHrwRvBsfha
0x00000170 (00368)   72765651 54575238 4c5a6646 6975796d   rvVQTWR8LZfFiuym
0x00000180 (00384)   46415470 3266720d 0a6c3145 4d514d63   FATp2fr..l1EMQMc
0x00000190 (00400)   2f2b7162 6c78414c 50513845 436e474c   /+qblxALPQ8ECnGL
0x000001a0 (00416)   4b524134 6d6c7642 496e4c4f 4a47306b   KRA4mlvBInLOJG0k
0x000001b0 (00432)   6e44576b 47517654 5a517763 46696143   nDWkGQvTZQwcFiaC
0x000001c0 (00448)   6e383571 6b573745 4a0d0a38 76326d52   n85qkW7EJ..8v2mR
0x000001d0 (00464)   37453442 52385574 4243697a 5750396b   7E4BR8UtBCizWP9k
0x000001e0 (00480)   6e722b34 45677470 4c473032 6b434263   nr+4EgtpLG02kCBc
0x000001f0 (00496)   64466f61 4b314e53 544a4852 78674475   dFoaK1NSTJHRxgDu
0x00000200 (00512)   4a72746d 53724e2b 4d486d0d 0a544177   JrtmSrN+MHm..TAw
0x00000210 (00528)   5454384a 6b394272 59703249 4335514b   TT8Jk9BrYp2IC5QK
0x00000220 (00544)   61577a61 32614967 39316c65 6d4a4e5a   aWza2aIg91lemJNZ
0x00000230 (00560)   46374a46 66415735 4238664a 72476846   F7JFfAW5B8fJrGhF
0x00000240 (00576)   6932734d 4d7a3845 36554567 7a0d0a4b   i2sMMz8E6UEgz..K
0x00000250 (00592)   32505a78 39453462 57454330 71776c31   2PZx9E4bWEC0qwl1
0x00000260 (00608)   62566670 396d6173 50656172 35697769   bVfp9masPear5iwi
0x00000270 (00624)   76754534 704b5775 42593477 6147645a   vuE4pKWuBY4waGdZ
0x00000280 (00640)   64417159 73536a6f 2f7a5173 716c5a0d   dAqYsSjo/zQsqlZ.
0x00000290 (00656)   0a456733 43676c76 4a706b6f 6a323450   .Eg3CglvJpkoj24P
0x000002a0 (00672)   41485336 44355434 522b7a33 71433557   AHS6D5T4R+z3qC5W
0x000002b0 (00688)   6d474a37 5a303738 716e5a73 7850376c   mGJ7Z078qnZsxP7l
0x000002c0 (00704)   765a4635 50527152 51423259 51393652   vZF5PRqRQB2YQ96R
0x000002d0 (00720)   360d0a65 6d454c47 7570316d 31505a51   6..emELGup1m1PZQ
0x000002e0 (00736)   65797330 56464976 76585669 3875707a   eys0VFIvvXVi8upz
0x000002f0 (00752)   536c7930 6e515a39 6b317342 5a6a5869   Sly0nQZ9k1sBZjXi
0x00000300 (00768)   736f7937 52713146 5378494a 4a542f2b   soy7Rq1FSxIJJT/+
0x00000310 (00784)   53412b0d 0a553655 33636a54 33515a37   SA+..U6U3cjT3QZ7
0x00000320 (00800)   34694864 34754d62 2f33336f 5078704f   4iHd4uMb/33oPxpO
0x00000330 (00816)   2b553358 45456957 6f4f4e6e 31485571   +U3XEEiWoONn1HUq
0x00000340 (00832)   77663170 7a6e724f 4b303841 72523348   wf1pznrOK08ArR3H
0x00000350 (00848)   744e7a46 440d0a51 6954745a 42413d0d   tNzFD..QiTtZBA=.
0x00000360 (00864)   0af15102                              ..Q.

0x00000000 (00000)   504f5354 202f2048 5454502f 312e310d   POST / HTTP/1.1.
0x00000010 (00016)   0a416363 6570743a 202a2f2a 0d0a4163   .Accept: */*..Ac
0x00000020 (00032)   63657074 2d4c616e 67756167 653a2065   cept-Language: e
0x00000030 (00048)   6e2d7573 0d0a436f 6e74656e 742d5479   n-us..Content-Ty
0x00000040 (00064)   70653a20 6170706c 69636174 696f6e2f   pe: application/
0x00000050 (00080)   6f637465 742d7374 7265616d 0d0a436f   octet-stream..Co
0x00000060 (00096)   6e74656e 742d4c65 6e677468 3a203535   ntent-Length: 55
0x00000070 (00112)   300d0a55 7365722d 4167656e 743a204d   0..User-Agent: M
0x00000080 (00128)   6f7a696c 6c612f34 2e302028 636f6d70   ozilla/4.0 (comp
0x00000090 (00144)   61746962 6c653b20 4d534945 20362e30   atible; MSIE 6.0
0x000000a0 (00160)   3b205769 6e646f77 73204e54 20352e31   ; Windows NT 5.1
0x000000b0 (00176)   3b205356 31290d0a 486f7374 3a20796f   ; SV1)..Host: yo
0x000000c0 (00192)   726b6d66 672e636f 6d0d0a43 6f6e6e65   rkmfg.com..Conne
0x000000d0 (00208)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000e0 (00224)   650d0a43 61636865 2d436f6e 74726f6c   e..Cache-Control
0x000000f0 (00240)   3a206e6f 2d636163 68650d0a 0d0a6839   : no-cache....h9
0x00000100 (00256)   77664676 48473168 6350636c 36474542   wfFvHG1hcPcl6GEB
0x00000110 (00272)   4d6b6330 6f595546 38765130 32507464   Mkc0oYUF8vQ02Ptd
0x00000120 (00288)   774d6575 6a573146 576f6656 42572b39   wMeujW1FWofVBW+9
0x00000130 (00304)   79617255 58473472 52467a6e 71710d0a   yarUXG4rRFznqq..
0x00000140 (00320)   4b307668 6e684e61 7851574e 775a6c33   K0vhnhNaxQWNwZl3
0x00000150 (00336)   78316e6a 6c315941 4f514f67 75537a4d   x1njl1YAOQOguSzM
0x00000160 (00352)   696e2f63 664b3667 4d666873 4b2b4f53   in/cfK6gMfhsK+OS
0x00000170 (00368)   774d7362 2b54715a 7977304e 3232455a   wMsb+TqZyw0N22EZ
0x00000180 (00384)   0d0a382b 4e2b346a 73456d6b 4e614972   ..8+N+4jsEmkNaIr
0x00000190 (00400)   30614737 34756244 76633949 2f446d68   0aG74ubDvc9I/Dmh
0x000001a0 (00416)   74646433 57326d39 7a484554 4763434c   tdd3W2m9zHETGcCL
0x000001b0 (00432)   47533354 59385059 696e5561 41345230   GS3TY8PYinUaA4R0
0x000001c0 (00448)   35750d0a 4c69344e 334e672b 4474555a   5u..Li4N3Ng+DtUZ
0x000001d0 (00464)   47496b38 2b524943 50524557 4c356c34   GIk8+RICPREWL5l4
0x000001e0 (00480)   74493945 79324166 352b5051 56334269   tI9Ey2Af5+PQV3Bi
0x000001f0 (00496)   74594531 66307954 32525a56 636d4232   tYE1f0yT2RZVcmB2
0x00000200 (00512)   7a496e5a 0d0a6432 41586e49 474e6e47   zInZ..d2AXnIGNnG
0x00000210 (00528)   736f6c7a 69302f45 35585165 352b6b59   solzi0/E5XQe5+kY
0x00000220 (00544)   647a5256 55614e35 526f2b6f 69574875   dzRVUaN5Ro+oiWHu
0x00000230 (00560)   37756a39 79435145 59547534 7a596943   7uj9yCQEYTu4zYiC
0x00000240 (00576)   4b433475 49450d0a 6e537237 7835532b   KC4uIE..nSr7x5S+
0x00000250 (00592)   6e6b3457 7a547871 572b376b 52775047   nk4WzTxqW+7kRwPG
0x00000260 (00608)   6e4b6747 555a3736 71485979 75717139   nKgGUZ76qHYyuqq9
0x00000270 (00624)   6d636a32 6a717a41 4e4a6a6d 69744a4f   mcj2jqzANJjmitJO
0x00000280 (00640)   36643063 4c456644 0d0a444c 35413053   6d0cLEfD..DL5A0S
0x00000290 (00656)   55397232 594d4f37 46616c71 464a416f   U9r2YMO7FalqFJAo
0x000002a0 (00672)   496c6773 78796f5a 75305a66 4a556a52   IlgsxyoZu0ZfJUjR
0x000002b0 (00688)   50796d55 446f7035 73573749 6f597a48   PymUDop5sW7IoYzH
0x000002c0 (00704)   4d69344e 2b4d5563 4c4a0d0a 5748446d   Mi4N+MUcLJ..WHDm
0x000002d0 (00720)   5a473063 44476133 6e6d4d63 2b516554   ZG0cDGa3nmMc+QeT
0x000002e0 (00736)   4248786c 397a5065 48557078 31336e57   BHxl9zPeHUpx13nW
0x000002f0 (00752)   36697450 444b784a 6269474d 66793438   6itPDKxJbiGMfy48
0x00000300 (00768)   385a4232 44725667 51536751 0d0a4a71   8ZB2DrVgQSgQ..Jq
0x00000310 (00784)   744b6d61 37554d6b 7a746539 38693564   tKma7UMkzte98i5d
0x00000320 (00800)   593d0d0a                              Y=..

0x00000000 (00000)   504f5354 202f2048 5454502f 312e310d   POST / HTTP/1.1.
0x00000010 (00016)   0a416363 6570743a 202a2f2a 0d0a4163   .Accept: */*..Ac
0x00000020 (00032)   63657074 2d4c616e 67756167 653a2065   cept-Language: e
0x00000030 (00048)   6e2d7573 0d0a436f 6e74656e 742d5479   n-us..Content-Ty
0x00000040 (00064)   70653a20 6170706c 69636174 696f6e2f   pe: application/
0x00000050 (00080)   6f637465 742d7374 7265616d 0d0a436f   octet-stream..Co
0x00000060 (00096)   6e74656e 742d4c65 6e677468 3a203438   ntent-Length: 48
0x00000070 (00112)   340d0a55 7365722d 4167656e 743a204d   4..User-Agent: M
0x00000080 (00128)   6f7a696c 6c612f34 2e302028 636f6d70   ozilla/4.0 (comp
0x00000090 (00144)   61746962 6c653b20 4d534945 20362e30   atible; MSIE 6.0
0x000000a0 (00160)   3b205769 6e646f77 73204e54 20352e31   ; Windows NT 5.1
0x000000b0 (00176)   3b205356 31290d0a 486f7374 3a206e79   ; SV1)..Host: ny
0x000000c0 (00192)   74632e6f 72670d0a 436f6e6e 65637469   tc.org..Connecti
0x000000d0 (00208)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000e0 (00224)   43616368 652d436f 6e74726f 6c3a206e   Cache-Control: n
0x000000f0 (00240)   6f2d6361 6368650d 0a0d0a62 45684347   o-cache....bEhCG
0x00000100 (00256)   666e6731 68636675 72736269 4a5a4d43   fng1hcfursbiJZMC
0x00000110 (00272)   4a497266 4e4c5879 61683050 6374674a   JIrfNLXyah0PctgJ
0x00000120 (00288)   305a6249 2f4d6571 47344d74 72697867   0ZbI/MeqG4Mtrixg
0x00000130 (00304)   4f2b2b4d 544f7652 3250470d 0a6d4849   O++MTOvR2PG..mHI
0x00000140 (00320)   37486a78 375a4b2b 79396c55 3236442b   7Hjx7ZK+y9lU26D+
0x00000150 (00336)   78723353 44507034 45743565 2b496666   xr3SDPp4Et5e+Iff
0x00000160 (00352)   73334734 43546561 6d56326b 786e4c31   s3G4CTeamV2kxnL1
0x00000170 (00368)   6f705232 344a7458 3430784d 410d0a71   opR24JtX40xMA..q
0x00000180 (00384)   4f794b7a 33726f79 54524774 46665a77   OyKz3royTRGtFfZw
0x00000190 (00400)   61527551 4e734862 49412f64 336d4335   aRuQNsHbIA/d3mC5
0x000001a0 (00416)   71617479 73536162 77454953 48305932   qatysSabwEISH0Y2
0x000001b0 (00432)   445a3048 4354776f 73615372 5572380d   DZ0HCTwosaSrUr8.
0x000001c0 (00448)   0a343967 51666d6d 757a4c70 4179376f   .49gQfmmuzLpAy7o
0x000001d0 (00464)   526a7354 304d6570 774a486f 6a526f50   RjsT0MepwJHojRoP
0x000001e0 (00480)   766a3354 4458706b 72623634 55727a70   vj3TDXpkrb64Urzp
0x000001f0 (00496)   74416665 45654262 78415231 5833516d   tAfeEeBbxAR1X3Qm
0x00000200 (00512)   650d0a2f 6b383672 2f7a4f56 4b335136   e../k86r/zOVK3Q6
0x00000210 (00528)   46747a53 76724d55 734d4e4d 54435850   FtzSvrMUsMNMTCXP
0x00000220 (00544)   5a625073 576b685a 45696555 796a6d76   ZbPsWkhZEieUyjmv
0x00000230 (00560)   52636735 6132746c 336a4852 4d463175   Rcg5a2tl3jHRMF1u
0x00000240 (00576)   56744a0d 0a646a4d 6e576c54 486d7536   VtJ..djMnWlTHmu6
0x00000250 (00592)   5a454e56 306b654f 44635076 70663461   ZENV0keODcPvpf4a
0x00000260 (00608)   485a394e 73487255 36595042 634c356d   HZ9NsHrU6YPBcL5m
0x00000270 (00624)   4a307055 75353734 6c377456 6f625053   J0pUu574l7tVobPS
0x00000280 (00640)   74516164 4a0d0a76 5135434f 4c316d30   tQadJ..vQ5COL1m0
0x00000290 (00656)   75543850 72524932 41397a76 31784969   uT8PrRI2A9zv1xIi
0x000002a0 (00672)   2b336473 686f494c 4a485a62 6d744f51   +3dshoILJHZbmtOQ
0x000002b0 (00688)   52514f34 70744f63 41463145 39773749   RQO4ptOcAF1E9w7I
0x000002c0 (00704)   4878576e 304b610d 0a547378 6c376d57   HxWn0Ka..Tsxl7mW
0x000002d0 (00720)   6c494772 73426267 666e556f 3d0d0a6a   lIGrsBbgfnUo=..j
0x000002e0 (00736)   5243534b 746d7465 2f73576f 49513769   RCSKtmte/sWoIQ7i
0x000002f0 (00752)   5434467a 32636351 644e3071 7466464e   T4Fz2ccQdN0qtfFN
0x00000300 (00768)   54684d66 6b335966 4b445963 5a396963   ThMfk3YfKDYcZ9ic
0x00000310 (00784)   3866516a 654f0d0a 48347a42 59646f54   8fQjeO..H4zBYdoT
0x00000320 (00800)   44663733 43365631 736d586b 72437974   Df73C6V1smXkrCyt
0x00000330 (00816)   48614148 73485778 5a504665 626e5676   HaAHsHWxZPFebnVv
0x00000340 (00832)   37462f70 6e725631 696c3138 39456955   7F/pnrV1il189EiU
0x00000350 (00848)   35526d37 47734165 0d0a7356 74536269   5Rm7GsAe..sVtSbi
0x00000360 (00864)   516e0d0a                              Qn..


Strings
.
.h..
R2
@
041904b0
2,3,3,22
8,2,3,23
absolutely
accordingly exactly
adore pregnant ashamed
&always
&and--always surrender
apparently better
&appealed anything
beauty fruition windows
because people
Behind
between
&brute Elizabethan
business
Carr?? tenderness
church
&clever
completely
complying geography present
consider London sense casual
contained
Copyright (C) 2009
costume morrow
counted
cousins appearance
Dashwood
decent
demanded interesting
&desultory completely
different seeing
discomfort
distinctness seeing
document pittore
effect feelings
encourage brush
entanglements
everything
exclaim personage reason Peter2moment fairest elected haunted things Carr?? words
expressed sociable
FileDescription
FileVersion
genius
genius Application
genius.exe
gentlemen disappointment old-fashioned paint
greeted painter return gesture
happened
hard--it somewhere again
&her--he
holiday
Hoppuss observe yours speaking
&INDEMNITY
interlocutor
InternalName
&irritation
judged cousins--their
&knowledge
&knowledge intimacy;
least
LegalCopyright
&leisure spoken
&lovely
manners elements
&married triumph
matrons
method remember
moment
month bazaar
mother cleared
mother theatre Shakespeare
MS Shell Dlg
&opined
OriginalFilename
&other manifestation
otherwise
panels
people unmolested
Peters
&possibilities
ProductName
ProductVersion
&profanity that--he
&profit wished
&proved simple
public
question
quickly
&rather mother
&really
receiving London creations
&revelations magnificently
RichEdit20A
&Rosedale
'Rosedale things custom minute professed
&sentiment
+should ambitions--tremendous talked bargain%daughter say--Nick particular freedom
sitting
smiling stared;
&sort--I
statutes
Still
StringFileInfo
studio
&studio
sufficient things feared
SysListView32
Tahoma
theatre
&things
things brightly
&thought laughed
to-day
toward there sister inconsistent
Translation
travelled trifler
truths
turned
VarFileInfo
vision
visit presumably
volition(though particular vague moreover thought'lighter mirror everything on--in critic
voracity derive dropped strictness
VS_VERSION_INFO
weaken myself
whether
wonderful
would Calcutta
&would individually
wounds; Dormer
&write
0b~KjS{"
4FdLX%
6:j'U<
8LQcrb
_*`8zT
!*<9xMr
a!q;v|
A R~OSpVtF
aS1gSY
b6?S5~d)
}}b_P[
cJqjJsD
CreateWindowExA
d0d@xM
~>D}1.8l
D47tW8
@.data
DefWindowProcA
DispatchMessageA
d~quzpooxzuq
?eHV24
 F 6/iYs
FDDm]L
FindResourceA
]FNIG< _izzmSPLCE
f[RD48%
FuZ3isfn
 %	f?Zz0
!G1/iP
gatFFwewqyt qwje
GetCurrentThreadId
GetMessageA
GetModuleHandleA
GetProcessHeap
+gy<y3
.(Ha+p
HeapAlloc
HM,ki<
_&'i##:
 [ IHzw
[Iw	x,`Pel
^JEsxxwqz~qwt
kernel32.dll
KG8K47c=
KillTimer
kj^2m2
LoadCursorA
LoadIconA
LoadResource
m$01jux
N7%`\	
{OAXQ}
&O_j[te5A~
OX;`@X
p+(=3,
P9~DFv
PBib$Z
pBM{6z
PostQuitMessage
)_pWWBY
Q6VwF5
qdw,D,f
QE'$/,
qyHeq~
`.rdata
RegisterClassExA
re)(X/
r|\Tnt4
R(U7^<!
SetTimer
ShowWindow
svchost
s$~? z
T5aFIa
Td?2e[
!This program cannot be run in DOS mode.
t/	Or*~
TranslateMessage
!)u8	b
uILNOONLquxzkkzx
UpdateWindow
user32.dll
	UwF)I
VKgRLM]\zw{^PYAHN
V"vli~
wM>`Q}
wXlBN0~
wZk!/f
}wzNCy`hACNJ
x\4JRp4U
XEV7kS
/XLEu)
_.XN5j
>,YGtz
yow\E?}H3"
Yx|~-Gz
zbgNXT
zJPzXO
+zqq\^e
Z;RNj{
~ZYXL%Z