Analysis Date2014-12-21 18:34:37
MD5163404b5200ddd151de78b6b8f43861d
SHA1109def2fec25071eab29c6d3c8e37275dbe2ed11

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
SectionUPX0 md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
SectionUPX1 md5: 8cf3dedb1d169b422803dd56858e0615 sha1: 9f4a8e01b3dbd3444934ab18bd77b76e91823ddc size: 938496
Section.rsrc md5: 08d0ca0c58b6ec838639a8f064a944db sha1: c5f1096de82fa2208f7c3a29a72d5ef8c15cb998 size: 3072
Timestamp2011-08-13 19:29:12
VersionLegalCopyright: Copyright © XMCCOIY Software
InternalName: Paa.exe
FileVersion: 6.1.7600.16385
CompanyName: Heaventools Software
ProductName: Copyright © XMCCOIY Software
ProductVersion: 6.1.7600.16385
FileDescription: Aeaufhptixigpjwalqgmounoxlopd
OriginalFilename: Gogri.exe
PackerUPX -> www.upx.sourceforge.net
PEhash56b55ddb7bc0501fbddba393678b20a61f105f78
IMPhashec317d547dbd464fa332867922dbf7b0
AV360 SafeGen:Variant.Kazy.12946
AVAd-AwareGen:Variant.Kazy.12946
AVAlwil (avast)FakeAlert-AYN [Trj]
AVArcabit (arcavir)Gen:Variant.Kazy.12946
AVAuthentiumW32/FakeAlert.OT.gen!Eldorado
AVAvira (antivir)TR/Crypt.ZPACK.Gen
AVBullGuardGen:Variant.Kazy.12946
AVCA (E-Trust Ino)Win32/FakeAV.AS!generic
AVCAT (quickheal)no_virus
AVClamAVTrojan.Agent-249409
AVDr. WebTrojan.MulDrop2.54093
AVEmsisoftGen:Variant.Kazy.12946
AVEset (nod32)Win32/Kryptik.RQF
AVFortinetW32/FakeAVPk.AC!tr
AVFrisk (f-prot)W32/FakeAlert.OT.gen!Eldorado
AVF-SecureGen:Variant.Kazy.12946
AVGrisoft (avg)Agent_r.ANN
AVIkarusTrojan.Win32FakeAV
AVK7Backdoor ( 04c4eaff1 )
AVKasperskyTrojan.Win32.Generic:Trojan.Win32.FakeAV.ehwe
AVMalwareBytesSpyware.Passwords.XGen
AVMcafeeFakeAlert-Rena.q
AVMicrosoft Security EssentialsRogue:Win32/FakeRean
AVMicroWorld (escan)Gen:Variant.Kazy.12946
AVRisingTrojan.Win32.Generic.12A2FC01
AVSophosMal/FakeAV-LX
AVSymantecTrojan.Gen
AVTrend MicroTROJ_GEN.F74EZIJ
AVVirusBlokAda (vba32)Trojan.FakeAV

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates FilePIPE\wkssvc
Creates FilePIPE\srvsvc
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\1.tmp
Creates FilePIPE\lsarpc
Creates FileC:\Documents and Settings\All Users\Application Data\defender
Creates FileC:\Documents and Settings\All Users\Desktop\Security Protection.lnk
Creates ProcessC:\Documents and Settings\All Users\Application Data\defender.exe

Process
↳ C:\Documents and Settings\All Users\Application Data\defender.exe

RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Security Protection ➝
C:\Documents and Settings\All Users\Application Data\defender.exe\\x00
RegistryHKEY_CURRENT_USER\Software\Microsoft\GDIPlus\FontCachePath ➝
C:\Documents and Settings\Administrator\Local Settings\Application Data\\x00
RegistryHKEY_CURRENT_USER\Software\F40C5BE803CBA1BAFA8C3727B0D8A9DD\FRun ➝
0\\x00
Creates FileScsi0:
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates FileScsi1:
Creates FilePhysicalDrive0
Creates FileC:\Documents and Settings\Administrator\Cookies\index.dat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\~DF2ECB.tmp
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
Creates Mutexc:!documents and settings!administrator!local settings!history!history.ie5!
Creates MutexWininetConnectionMutex
Creates Mutexc:!documents and settings!administrator!cookies!
Creates Mutexc:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Creates MutexSecurity Protection_MUTEX

Network Details:

DNSfunnyteens.com
Type: A
192.185.119.216
DNSyazminx.com
Type: A
208.73.211.244
DNSyazminx.com
Type: A
208.73.211.250
DNSyazminx.com
Type: A
208.73.210.211
DNSyazminx.com
Type: A
208.73.211.167
HTTP GEThttp://funnyteens.com/images/s6.php?id=117
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP GEThttp://yazminx.com/scripts/ss.php?id=117
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Flows TCP192.168.1.1:1031 ➝ 192.185.119.216:80
Flows TCP192.168.1.1:1032 ➝ 208.73.211.244:80

Raw Pcap
0x00000000 (00000)   47455420 2f696d61 6765732f 73362e70   GET /images/s6.p
0x00000010 (00016)   68703f69 643d3131 37204854 54502f31   hp?id=117 HTTP/1
0x00000020 (00032)   2e310d0a 55736572 2d416765 6e743a20   .1..User-Agent: 
0x00000030 (00048)   4d6f7a69 6c6c612f 342e3020 28636f6d   Mozilla/4.0 (com
0x00000040 (00064)   70617469 626c653b 204d5349 4520362e   patible; MSIE 6.
0x00000050 (00080)   303b2057 696e646f 7773204e 5420352e   0; Windows NT 5.
0x00000060 (00096)   313b2053 5631290d 0a486f73 743a2066   1; SV1)..Host: f
0x00000070 (00112)   756e6e79 7465656e 732e636f 6d0d0a43   unnyteens.com..C
0x00000080 (00128)   61636865 2d436f6e 74726f6c 3a206e6f   ache-Control: no
0x00000090 (00144)   2d636163 68650d0a 0d0a                -cache....

0x00000000 (00000)   47455420 2f736372 69707473 2f73732e   GET /scripts/ss.
0x00000010 (00016)   7068703f 69643d31 31372048 5454502f   php?id=117 HTTP/
0x00000020 (00032)   312e310d 0a557365 722d4167 656e743a   1.1..User-Agent:
0x00000030 (00048)   204d6f7a 696c6c61 2f342e30 2028636f    Mozilla/4.0 (co
0x00000040 (00064)   6d706174 69626c65 3b204d53 49452036   mpatible; MSIE 6
0x00000050 (00080)   2e303b20 57696e64 6f777320 4e542035   .0; Windows NT 5
0x00000060 (00096)   2e313b20 53563129 0d0a486f 73743a20   .1; SV1)..Host: 
0x00000070 (00112)   79617a6d 696e782e 636f6d0d 0a436163   yazminx.com..Cac
0x00000080 (00128)   68652d43 6f6e7472 6f6c3a20 6e6f2d63   he-Control: no-c
0x00000090 (00144)   61636865 0d0a0d0a 0d0a                ache......


Strings
..
.
x
.
.
.,
S
.
.
.
.!.
n
.@
S
.....
.2
.s.
.
.
l
I..
.
>\
.
...
..
x
%
..
s
..
.i.
.r.
.
Z
gEm
6$
'xA
l
.
....9
..
^
.".X
]
..D....
..7
.
..
.
.
k
/....
.H
.
&
.
.

040904b0
6.1.7600.16385
Aeaufhptixigpjwalqgmounoxlopd
CompanyName
Copyright 
FileDescription
FileVersion
Gogri.exe
Heaventools Software
InternalName
LegalCopyright
OriginalFilename
Paa.exe
ProductName
ProductVersion
StringFileInfo
Translation
VarFileInfo
VS_VERSION_INFO
 XMCCOIY Software
?$-`/)
/>);(}
@-#. 	
#\%	&.+`
01<UN;8
05YMt;
<06P$Z
"0aT!,
0b2T_8
0*CI9WY|
0'd`!wz
{0FC"U=
*0<hsS
~^0|Ju
 0M"9$
+0PGr+
0PZGp]'
0q3rYd
@0R|:O
0T7/wV
"0_ -u
0uc7!]-*):
0:VN*<G
0w'"J,
.$^)0x
0Y%*)qwDSs
&1> ^?
1##1Bm
)1;3#F	
14J,Lc
151c~&
>1.7PZ
1?|.9S
1!BKAU
$1Cg_^
1|dKk`
-1.^E>
@1f2C.
'1&:FB
1Fs 3OE/^
(1g3B"_
1G5d"(v
1JLqy	
1Lcn16
1~'!LXo
;1?@!-oK(b
1p32;-G
:.1qDJ
 1!Q(E
	1}QJC
/1<Q(T
1TY\Y#
|=1uY=M
.%1#Wu
"22[o5
<248-8
24IwhPw
2^7f2Z
28=~`;
2Dxs	Z
2eU^w-Wk
>2f?_3$
2F:e[k7Z
2.F+oi
2"h}&5G`~mC
2*i&sv
2`J;[-D<
2,<jkM
2=:KKbt
$2KP5?]
2m.Cu=
^2)&n?
2{oGEp
!2pEfK[
2Q1[9p
2Rjkqv
~2/;#Sx$Nd
2sY:;"v]
>^2*:V
}2*wCh
2xaTLO
2Xv}%5s
$30PSq
3]$0s}C
31g8<PS
33333;
334C333;
3~ 40iO
3dK]	S
?3E|8O!B
3@GUmv
3l&)Ll
3`M0)[
3Rd+*C
3R(Hf=UI
]3tR{H$
3UgA`o%
3vq|h%
3xtD. 
3Yfz.W
>3z4^-	
3ZCO@L
3Z\Kf[
|40)bh
4'0uMv
4;+4G1
4A%#6*
4;A<+Q{
4_a=vu
4BSWb0x
4)ca"L
4C&k)F
4CLu"W
?4cU7G
4-&dJ8
4/{fii
)4|gDV
4Lkv)6
4Mv}'|
4:/	N7w
4NY0dp$
|.4oJRU
!4q*|j#
4q!r @
4rcE3'
4.RGhz
{(4rH Ciw
4s-VtFo
#@4-W4
4ZLhl"
>50>TT
5%1K*(
5/3W38
54>"C[
5/55L[
5=8]/p
<$&5Ch
5c%pVj
":/5c\T
5@>eO_
5F7{<4+
5gX$!;	
<5H*I_
5+hLQD
;5KJ#	
5lWMu3,
:5n]:Kd
5;q*]|Hjw{
%5r^:~>
5R4L,?
5`sH3o
5tS.6]
5u~--89@cRY
5W'|>$
5xg_Z&@
#5Y'n[
},*5Zp
^~$]"6
63%: V
6/9x5P
69~[zOl`:
{6^aJ,.0
:6Att2
6Be=%1
6bfE:uv6
6c&G',
$,6D>K
6d^zv-)B2
\6E>_9
6f}Fi8
%!6g>Q
6ilv)g
;6j2P&]S
'6jzMc1
6Lq" AjU
6l?wIYSa
-6_mTs
6|.-NHCn
6NU2us
6N>;^w3
~{6<+O
6oVC+!
6=p;cp
6<:q+8H\
6QH6}f
6Qjc +
>6SY!}
6 un$$
-<6U]R}+dM
&6,v6Q
6 _w9c
#*6X19
6z_=nX
71`	8SD
75wq-+@
7]7w',
7-9<K[exk
7\:a<	
:7a0-3
7aC"Sk
7az]<g
7B_Bsg=
7cE|wv
7:cgMBji
7d,wA")
]]7?_FC!
7:FjBZ
<7GG\In
~.7hmS
7_k7Pq
7kra9{
7:Nwsc<
`7PGW?@
7qH	OA
]=.7.t
7$=uJh2
7V4(FY
7V<Dg*N
7WhDvGR
7wp_7u
7W@Qg_
7XwA*k
]/7YooG
(*(7ZHKV
84GOo%
87VtJ1
.8A}.	
(8?#Aw
8B{:;5
,8^B$cqw
8c1j>[
8cG)4_
8DuTP1=v7T
8)e=.$
8ISj%S(e<
8(_mKj
8;P3;<
8.P|D)`ASx$hhFpkS8H
8r/H^'
-.8[T"1
-8ugMx
8wc]_b_,
8wcue.?
8	>wOK
8[w>XF)ae}S
8WY!.a
8x0rD@#
}8XGzN
8Y)"Bj
8Z?Wt.
905!C3@
90l>#R
94'^9_
(94Y(7
&&95FX
9#-6cx^Yr
9;7L4x
9ag%r@
>-9]A'-\|U
/9ck4^R
9CXDg]=
9D0-v1
,[9Eb)
"9Fv	x
 (9G|t
~9H^5<
*\ =9j
>9lC	:2?
9l$\w_
9NQZ`Rk
9	OOXo
9oZ&_1
];9p>#
9q~bX:
]9R^4'\
9tcKmo)
9t|tT&
9}v.F6^
9vr%Vw
9$"`y2
9~yXGvg
A0L404
A14\x)
_`A'5[
)a*7awa
a:8/H.
ACDdv0[
Ad,MbE@
ADVAPI32.dll
aEP80b
A@e*Y(
AG@\9z
aGAp)^
AgIoKC
agVVub
AiF;E'
AIK2xU
a	~-.K3
aK	E,Zwd3
|;akmyD
aksi9i.
AkUGaL2
AlapT0
=aLf70H+R
,al`ZU
AM-BHE
AMTuQ/
{A<mVM
aN^OgUN\
a~Q)(\
>aQ)Cc
A,q(Q"
,,Aqy!v
 $Ar#O
aSb"p>WB
as|!F98
(asK~51
-Asl=T!
:a%+tC
ATU.9EW
at+Xz-
A&/U8U
%A-U L
?+a@V}
AVe'Hi
AW=1*!,
aw	n3Oc
Aws.m1
awv\x$
A:,`x"
A-<x#6C
(%a^xI
)={AXp
{AX.ZP
\Ay2>	
-	AZQ9
=AZ*}T
{>$AZw b
|B0e4Yg!b
B	%2'8
B3\gr^
b5H6Fr(
B8)?.l\
B}a>>2%H
BA;HJ5&k
bb0%a}
bb 2aj
>b"BaF
BBHW"?
BBoC0}
[B*bYYm=
BCJ441
Bc/).w5s
BD0 	HE$
BdiEup
B+Dl=X
^b!&FE
bfixbCw
B#!Fn:
]bH{6J
b{Hjx<
`bI0\k@
BIMIs$
b}J9o	
bj]O;8Q
*bJ}T3,
bK25E$
B*/k`J
b	]Kz\v
"b}l	db
_B'_ls5
bl?yu>
bmB:[4
B'^]/n
_bNoVV
B(<)$o1
B^oF#TC>Kv
BOWJ!2
"%bQBT-yT
=bQ$GVn
]BR8i)
?b-%/tl8\
buTjWBr%
Bv#*<o
bW	t W
Bxjj}e
)?by-'
"bY)uRaMh
=bzq#"=
	\^c(.
c0f"=Z
'C0JTL]q
 C0K>S;FX
C1xV;1z$ 	
+c2WSA
-C3;ix
?c['4M
C5m ^2	>
=#C6#;
c8U@bD
Cac[=.`
c$Am3/
c!b)oK
,+cE$d
<[cex[]N
(Cfd%+
@cf`H8
>	cHb^
C,hz#KF
-(?-ci@'
CJ/K=X*
|cKFbMB
c,l M:
CL!.\N
|CM8&}
</CmM^=
+c'(*nN
;c>""O
C^o#^|-ek'
CoInitialize
COMCTL32.dll
CopySid
Cpo]9:D
=;@CQ^
\c$$rO
*?@&cs
.	'cSNZ
*cTL!]
cU7S=[
&CwE{f
'cwQb3
cx7@/$P#
cx8PT 
!\Cxu/)
cY1bul
c:Yw;}JRI=
"@czFo
#}d%?<
+]]d)0
D0xAp0h
d(.14+
d1lAc 
D1vMT[
D2hcN6n
D!5)0N&
*$D5@8
`D/9Jy[
D9)^z,
D,B5b#XgF
D|C;v9$*nE
D]/D:8
DDDDFfdA
DdP)}2
de72;(
DeleteDC
.)D$H)
&}dh9%N
DHE3!Rl
D	hO:O
DJ,/gSjg
DkHw,'
/dkV E
{dlt;h
dME7rIsu
d-MU;,
'-dP+8@#MC
d{.=p9
DPe[l?io
Dp,x*> 
d{,Q]6
D`q=6f
DQ"ccE
DqL#<z
Dqy:/Jw
DRH4yP
dscNVh<
d	S+kU
:dswbxrwn|(
|.DT0L
D$t+D$\
D$t#D$h
DT@ I)[
dt+N|f
<`+DU(
}*'dUM
%dUR2rg/
d&>us	
d(uw=B
")D)@;v
];-DV:
dv~4*0U
*,DwLHD
dYs}%vlg
dz]+}~
}d@Zo@
<!;e*\]
?`e1Z^
)E2|<}
e<--2v
e3[pC@
e* *>6!
.E6Nm@
e*8N@q
eAsaV[6m
@ebRZw
.E){CgaH
<E&cr<T
E(D_J&
e<D!L9
^%ee+_
eeD @M"p
<EE!wM
)EGl&],
egp7=u
EG><`{S~
ei.S,3
	E&K5j
EkISI @
e=&m'#
emY`=g
e-m|+Z
E^N5en
E%Ozzy
epdCX*
erc55MGiHs
eS"nTM
,e-t}	
@eTj\KRq
etUK%[[
}[eu*A
!E)^?V
EvG^[>(
eWJw*/
EWvjcy:
eX4D<\gP`
Ex92=|k
ExitProcess
E{X?(u
(Ey?}%
<.	eZr
!EZX1Q
f$0w:Bv
<f1s'X
F+(1]u
F&"{`\+2
F2%EDnv
F3bgS-6TW
>),~[F4ZF
f7mIakFm
F7yAoE
%F9ERD;
{f9k9L
"'%Fan
{,F~{B
F	C6!02
~F(;cSJ
fdpmr6
_,f$fE%_4>0
FFShGr+
fG:Pog
]]F'h$/
fh;E;	
F~H'jNb
FH*`k_i
F	_Hu]}
'f$I0&UB
fiM!UL)
[fIosD
f:IwLn
FJ7F-_
Fki\SXQ
fK>L,lc-8
{'flEF
^fls~k
*F*M8]
FmX:$N
FmZ<;{n
F)obi_c
<f.PbT|G!
Fq=K75
)`F}SU
fS\vg-
FTB8L+
f)tR9f
FufAK;N
FUh5j=
>-fV-+
>'*F$V=V
F$w! _h
;F*wv0
"fwxl-T
fY0%@D
f^yce[
({$'$g
g00D1bt
-g05/}
%G0$O>
G1`u`fR
g%'4d6
"g6?px 0R
g74.K}
G7vF=M
G8.csK &
g8	e,O
&g9=d#
Ga1^Bg
/g`]BJ
gBM7\P
g){\|c
G:c41!
*gd@_]
*GD5dtr
g D}8w
gdbj.D
GDI32.dll
gdiplus.dll
GdiplusStartup
GeL~-'a
GetProcAddress
G+Ex,G
<G`}g7
*GH:0)
/~gh~C>
%gI_PZ
G{i~t=
[],(gJ
g)j"*Afv
G.jZ^dL
gKNcQ-
	Gli5;4
@GMe}e
$?gM;SrWo
gNC5um$L_
|GO4/K
go|Ne'
-G-PVC
gQ2J'N
%Gq~Q#;~
G,q(S>%6
GqUkF~ 
GR9o:5
gS_0,]v
gS\[}q
%gSqs4{
Gsr4VV
G%s`WMI
gT8|12_
GtDDDDI
GUPl!9m
`GVH*.
+gvl	8j%
G'vL-K
g`vyGy 
G WKq=n
gxh#CA'
<g(xi,
Gy3mX/y
g(Y`F^c
GY	Q:t/
~_%|GZ*~E
`gzVH.
H_11W#
H"=20Q
}h5?Je
;*h6.gXu
H\#/(7
H8 0'W
h8Xxd F;
H9%pGat
)hAKK"
h+A;Ky'
ha_Q[7
Hb+0kWa
?@Hc'`
.,"$HC
{h[dpY
)h|^E=6
[hEat"RR*
heG0j\A
	>hfAw
_hGL~/
{hGvfq
[H|#i)
`H?:}K
HkRmSh
h^Li&h
h:LjrD
|~hL/VSR<N
h`mfzJ
h<mJb=R
hmz%{.
hnX/Ishf
Ho\+|{5
$hoBmn
h?or!d
>HpHcr
H&Po^,
hRq6-+
h'Rs@Z
$H's0;
H$S,qC
,hu8k/sW
)HU;.~%~z
hYCi7:
:hYDq[P<
HyUbL0xY.
.Hz547
,&i)%[
	@"%[i
I1p_@a
i(-2E*he$
i3KbyvW&T$`
I3o/5F
}I58~`
$I'6+=
.)\I&7
i98t`'&
I9z$fx
iak_vF
>ICl"s
_i}cQ6
IDD.q}
i_dE>hG
ID)|P<()
ieoVQR
~ierwa
-)IE]w
`iG9kq[_
iGh_!(
I]#H^#
ihjyHxs
I/J}Sf
I/Jz((
I|KbU =
i-@kL?_
IL2I`@?
iLv_QKT
ImageList_Add
IN #Zlk
ip1?>_
i|pdMp^
I-pY+[
@IQ2 _
iq416F=
{)iQ_V
!?irh}q
i(s#6>
[I[sF6
Isv]*	8
iT[?RH
i:TX0+
i_u?j}:
iU@qj3^C
]iwl1s1q^nv
?i%x3!#
iX+_Ij
iYn* ?
`^^$j'
/J0WeG-A
J1vaA/
&{J1[Z
j27-Y!
J3Z78K
j4K{b4
J-5P*$0
j5s/K{
J9%FT?
janL$q1
{JbdlfM`q
%JBuZV
'JBW.;
"=JD~4M
JE)4Q-
jEg!SJ
j(f0AA
JF_EH	Qq
JfE(Vkx
JF!Wk0S7M
JGIwY<6
j$@g'v	
|Jib9J
jiftnP
`jK#k1
j/kP{H
J<Lv7S
J;ol-}
@JP5p)
;))#jPl
Jq(>g#A
	JQ;S";1
jR0"'_
`js2TzW
j)(#S4
jS^kbyD
JSub*O(
j:svmy
|jt(2J
(JtFB!T
Jt~~tua?
J! &#U
!J#U4n+
Ju\A\	
JU/@G/
JU?m6<\
JV3DfV-
JvgzJ3
jwj#TX1
jXVL	!
JyMgnW#
J[Z5MF-
jzc([.
k']_ @
;~k$0^
K[1s&Q
k2)DI<
`K2/Kn<ld
k2x]qP
,-k3et$
	k\4rI
=K5GGW\
k6	zrb
K[|7t[
~k8G3U
^k'_8y
K!9"cI
K|+Bb~
kcJ"mo
K=c'q.H
KE>gnWE
KERNEL32.DLL
KE"Zka
K!F?/[k
Kfx83Z
k{	 GYX
K"/^%H"
kHOR[-
k]Iil>rJ
]K|Iuj
kkDzdx;
K{/kj5
k*^ku9E
[kku!g
$kl5}.
^K l6pt
klFO8{!u_-v
k-lGo@2
K:,lO'"
-#k[ly'
KmA3Vc
_(kMIiQ
K^N#B"
!kOJZv"
kOk,QFY
K^p_Fm
k-	pLW
krh*JY;
.-k%sVG
ksyhF3
kTeR_w
Ku*Os9
K_/v:r
K[XB59
KX@wQ0l
[ky@4b)
k+y8z=\\
*K]ZGR
 l09.i
L 0&~X
$|L-3r
L,43P_h
l$+6!4-
\L8z~s/
L9PLeL
laoI7q
LAz#W|
@-lbjm
L{^Bp;Q&
lBs@\^9)x=%
l{CW4R
%L$^/Df
lDHsTs
(L["d$KOie
LdMD4$
L^d.T]*0+<
Le:4[s3!-
lEEd:&.
LF2C'_
>LG]iS
$&(lgo
?"lgPtQ
lHBfgFLO{
l<HdoU
l'i+hD
lIlC=;v|
lj9[K5
Lj'e4j
_'|lJHd
LJow\A
%"lK;D
Lk>ix;
lKL8%]
L+_\kn
lmpQ'{
'ln\@G~
LnHlf$aa
LnRkH%
lnWW-m
+({/lo+%
LoadLibraryA
<l@OE-lq
>L.+]P3
lpK$dig
l**QQp
l"r2(m
Lr,A-3_wR@
LTHVuz
LtS?Mh
lUAM&E
lUoy1-
.l<u{P
Lu(pwc
#l]uVj
l^UZeo
lVlV;/
lvRY6Sp:
lwCJ	aB
Lw?*u!E-
,l\Xb!
{Ly_8Ks
@L`z[*Qe
}LZYa3c
^|m,+#
_`!):m
_ }m{_
m};		(
m*|}-	
{&#'*M
M^	#&#
M[08.n
M1*2'#
M 1x[R&
m4WgvV
M+522]8*
m/"7Fnk
M+98VG
M 9+R7hE:
%.m#a5t`!
MaBJbP
^[mADt
mAGt>N
^mbTV9
_M&ch(?cZ
mC[)O&W
m)(fXUi
MGlbE)%
;|mgu%p
M-g{X>"L
(m\H	%
<mi6Ft
miv:"~
M#L*wC?^
{mN,7k5%
MndWk;
;'}m	O
m(p!^a]
&M[#q8/
MqD}sN
=M)Qp<
MR1TEX
^M$RQt
[m~ T,
#M%TnsnPv
<<mT(qI
`m#_ts
mts[dY
MTyt D
muj	G6
;#mUM9
~$m%v	
{}M	:V
mvx_VqA2
MWWZ\j
 Mx*J	> 
?{mXz~{;
[myCF=
MyQ _o&B
M%%ZR\
N^!%]!
N>!- &
N?0vn\r,
]n1Jzpr=!Usw
`n^4N(P
N!	6>f
N6t8ly
n6y|SE+
n7\`&J
N>7Ye'
N}8rq$D-[
N)8t{<#
(";'na
(NC1r:
|nC9d|
%ncr;?8|1)
n^#Dj0\
NE&cO4
ne-kku
 n-G5G
nG:B%}
:{N`]i
niA#H#
nj9)?	
NK5\u5|
nkWHKIL
!N/l;b
Nn4e*t.2V9
Nn?!v}6
<NO$+bi
$;_n<OI
N_(o*Tq
no#={x
 N(Q4e
n-q&hoERH{A
*]NQS-
nQw? (
}nr9*8r
NSdyn=
n#sNRz
ns?ozD
NTF21}QO/
nuNb0D
}{NuvE
@N\v"8
N-Vaa/K
N<VW9P
n)W~g?
nW#_!T)D=&
nx;5	X
Nz	A.r@C
nZ$yT?
>/;]o 
o\2G37
|O#3`6
)O9F'c
O9L|xh
O9tSp:
O9Wr[!i
,oA		*
o,A}	7J	
%@)OAS
(O{bs7
@oC}46
oCF'r@
OdCdx!
`OD	Vb
}Of5\@9
>OFaZ"gRl
=O?FRlv
o-G	d=
	OHe|#
O~[jh+
o=Ji"I
%&Oj\z
_)o[l>
ole32.dll
OLEAUT32.dll
'O'LyP
O;MP\%~"
oN^)6I[
o:[oH4
OPD\v(s
(OPLW\
OrsQ8=f
]OsA@X
O|SbyUM
O[sE."C
,os'H3
)ot/d:
&@O{u<
OU4=y*|
OuPM{d
O@v/CC
#oVTn~
&O\Wi:
O+Wi`[M
oW!+(T
$ox^J}J>~
o yN<4
'OYuJH
OZ@8`%-ph@
Ozuci~
P1^=9;
p-:19p
P2x:o]H6
P3T(X.
P3(-U^
{>P"4`
P%4ZQt
*p)6L:
]p8(T!g
paLGwN
PA.<v, <
=P[b3+^@T
P(culDx
^[pd|`Z
PEjTS>3
:pFCvo&6
)pf)ell)3
pFx\Fb
PfY ] [
p!/G9*	
PGmwCq
_'pgP1
pGqwk&
P?GR:;
PGr~H[ FgD.S
`pHE"6W
PHge''
PhTg{BX
pI|D.y(*
pjcST~
!PjJx7
Pl}6DC
pl]N;N6+/.
p!_m}0C
"Pm>4/
P	n-3T(
p+/NFE
pNZ XQ
+!ppg)
p;pk[TC
P?|qEU
p.qj6A
p)/s{/k
PThh.g
pTM{$r~
p*vH""
-PV-pn>
}p:wO2y
PX6O$|T
P"xC	i
pyKE}	
py~o"n
}pz `#
>Pz7\P
pz'?eKy
p`Z/$g
#<+q{1
_Q1=QD
q3u-3j
Q4mUd`
q$4|QZ
q4r2H#
q"7]&P
q8]H-|Vm
	&{Q?A 
Qb	YPuyJr=M
q:*c~|
Q/	(CJ
qd6d7>
QDs4z6
+qD>T#
:QE}0 
QEaET;
q>Ea$k
qET!3{4
	QE#	Y
q G$.y
)_QhHl
qH:^)nq
[Q%HzW
Qi_<n%
QI'<~O
<qIT5;
|%#Q!K7&]
=$qk89V<
QL['_Q
Qm-%{ 
Q%MD%[
QMQ(VY
qn `.4
\q;Nb(
QngxEI
QN\ |O
-*QOB@_
QO	E(6
Qo`EPT
q$q|GnVz8?
q</qGq
qQJ.[y_x
|QQTR]fg?r
q|?s@_	
*QSd_x&
Qs:P%%
qt|X`7
]QUdM~
Q;uI3B
\quy8E
,@QVQP
q)V+R\a
qWjB{k
QX54	&
qZAQhRC
'R[.=\
R2gI*~
r&]3"e&zf
r7toDQ
~R9bE<
R9bo6c
R@'A_"S
rB'|*u#
\r-dNv
R)/E6F
R}*e94
~-rEt oRL
RFa3;~^
RF<Nzk
@#:R[}G
]Rg"1i>
R{^JDv
Rj|Hm,^
@r Kp`
r>KSW0@
:}&Rlx
r&|*`M
^R|MCL~
RMhQ>d
~]@rMyJ
R?_N4_
RN*Bfg
,RNh<p
R.]+}O
Ro5iaA
RPCRT4.dll
	RPV4	
-Rq6#	
RQ9q~~
r?qL27
rr	4ime
>?|RrGCLz$
rR[kE#
r$uauz
"RVk7m"
=R=v$R
,;[rvu
?*!*RW
RW)]0|
rx8g>-
r~YiZg
>s /,;
)S'< 0#GtEyOI
s38m_=w
s7TOo>,
=s7TxJ
s8R|/=i
#saFY>BF
sb1tbc
SBXRGi
S-dN]L91
	S][	f
S!f4S>
sfCR`R
S"fMoV	_
S?FX~$
s{F~#z
sGNM]_@
S~`g@ W
SHELL32.dll
ShellExecuteW
SHLWAPI.dll
SHStrDupW
SJ?}QI
*{s}jt'9,D
sj,UXu
S<K!--
SklTrX
]\S_kr/
s`)L$4
S+}!L5
sl Ay$^
sM2	wj`Q
SMmp-s
S,_n\_
s"n;q@
$s|nR|L
s_nrr$n
SPoH&I
S{+~$Q1Z
s\rKUl
SrN13U(
;SS.2^i
#SSskI2
Sv.`Eg
s!vQ!T*
_s@vWc
Sw>wk3
!sXLL?
@SxMF!
SY4|,Y
sYx*4q
T!>>;]
T1wZ%sw
$T`&2<
&t;`4b
^/T/5<
T5t:7#
T5WO| 
t6t/2,
:+T71L
t	~~@A+
T[B31}
TB9emw
. "=tC
tD;:`>/
t`dGH	
.TE}L#d
t!G{	]
tGRElp>C
<,t%:h
!This program cannot be run in DOS mode.
TjF}*K
tk?n	E
T)!Le<
tLr`Q6
TMNcsy
{TmrZ~
"%t>N$
#tN#-e
t-Nh%8f
TN{z)j#T.KR
t?P8qg#
_tpO%'
TrF:Gz
T "rGLZ
:~,)ts\}"n
TTal6;
t$t#t$l
TvAAB5
t$\\vu/
TwB& ?[oB
|tW%^H
Tw'jh-
TXIqda
T[xOg"
>t(x=S
Ty4;/L
:)tyB7
T={'ZJf
t z^LT
t~zN1x
u1j/g(
U1%/T$
u3\x/A
U?4FHp
_U5 Q	
U5=UZV~G7
U,];"6&
"u79	B
u:[84V
U9I21=
U9=oq[b
^u9p+9
&.U9uO
(U'A?P
UB}e}r
UB#K!VB
^ub.LQ8s!h
uCnpq_
UDcpt&n
udt<%	
\uenKl
%',Ug{IiP
%`U+}H2[
~U!HAdY
'U$^\J
U+j6<L
^`U	jTUt
uK&6hvb
?ukFdi
uK&r9[
ukT[v	-
U"mW\;
uN!}bk
{ungKM
unt3xd
/UnYkF
=UO0OP
Up#[f^z,
{uP,|p
U-,qtH
%[u[q/W6
U?qX>dq
)uR*9}
U}R*iYR
USER32.dll
u==<[T
-)|uTC
uuC..}F
u@Ue ?
UuidIsNil
UUUUU^
uUUWuUUUVeTI
	uv~$/
uVOCKd
u<waw ;
uW;Lqpy
^+uwM5
uy2MrK
u*Y/Zs.
uZq4'Pf
V0W<lO
V^4-<M
=V4qS>
V;55<)
V',6K]
V7n>i7
V}7p%~
#V"7's9
v8)&/#{
V8-n!M(#
V	ANAZ
'VAQ{I
vaSJ9kqlV
vB"/ae
vbd)0c&
vc$-+`
Vc\fv_
{vC)rw
vD,8`P4y
*)vDPou3
VE7KE`
`V"	|f
VG.)1+:"}
V GvN/
V\gYZ~
V#h|'O
Vh& r:
vI) L5
VirtualAlloc
VirtualFree
VirtualProtect
V>IvBM
Vj!T?.Z
v`mC0a_
+VnWlX
V>o)/i
.v#}#P
*vQC<0,~Z
_VRGp8
VRu;1W
Vt/iw"'^
vtJ-d_/
Vv4q6d
(<VwFRr
V@w-gP
VWq*?.
_\|VXd
vXVuT8
vY]?hZx 
W0#]e}YL
=w1W^	>
W>3p2BP%
W9&LKG
%Wae] p
=wa?Yf
Wb,Ecm
w)_b>f
Wb'mvJ
wB^t+^
.W`)|c
w*C0oK
}WC9)pO
WCEhWr
]-w\D"
;Wd(HjV
W;#~dNe;
wEc=yx6
w:ek`z m,+
wf|/Q_Q
w,'G$z
W|%h$U
$wiKo*
<wi-Ya
 W/}/j
WKMe2e
W]kXyTFkAR
_w~L1 
Wl6`Xpb	
WLDAP32.dll
WLD"o+7
wLR!?P
'wn<\ 
w	n<.!|
.`'/WO
wOVuT'
wOyAef
"wPi|	
]|wpnYX
Wq4:&>
.wr~a"
wR",CT>
}W	R[F:
w{>rKue
w	rX3Cn
ws7wwwp
wT-uWS
w+tWf]
]Wv?9@
WvMrL4
}W"VPr0
WV'+|V
WW,+Ss
wwwwtGw~
,w+X'q
wxWKJk
/&`W#ZR
wztlKb=
x1,"I+2Q
/;X3^*
x4D1OV
x4Fx8'
x4K?W\
X5fooy
x6IC&,
X(6P(2V
x7m~!L%t'%
X8>c >
 x<9L:
X9Xj$G
xbb7C*
(<x"bd
xbK(JlY
},XB#n
>#|XcOv
XCTdL\
)xDdh(
xd.	+e
XdI#c?
X`dsmA
	.xeb9
XhBoxA
^X|IM^
xKY93\
^xL//[
+[xl2u
xlgt7|2
XLlHp-
xluE.;
X)Nd;)j`&
XNYMV0
Xo=`gdJ
{/Xo[v
"xoyfI:
<Xp4}Z
X]P89-d
XPGP	r
XPTPSW
 X\qT.
x_RC&{jj%
Xro)*sS
xRU?}v
XS%W2H
XT9v;<'
x^TEEo
Xtgc:/
xTHcTe8
X>toU-T
X	T-uR
&x.W8?L
)XX^-;\
,	xXTm
XyFE$%
]":x yx
{<x"#\+z
^ ;Y=	
}:~`*Y
Y$0F.^
Y1FDaT
Y1g2,:
Y"1TWv:
y2By~r
(Y2LG#
Y3JJd-=YKl}
#y\}$5
@Y5Q"y
y6U(SS[v)
y[,7F5V:
Y7/hQI
y+![8/T
Y8W9bt	_
 %Y9Ha
Y9LO_,
.	y9loW
;{yBJ#U
]Y@b?x,
^ybx}@o|
YC2?c3
y~C)h$1
YeZ?}x8
yf.tFy
YG]:	h
:ygjBm4
y'h1/U
yi4XSj2
(yIg)H^
Y?J+kO
Yj;MM^
!Y_jQ b
=`yk]!
'YK80C
))(yKIl
yn;a6Tu
:yNB(+=
@YN+Wh
>Y|o>r
`YPv$9)
YqMaW-b
yrI;fl
Y<rK#B?z
Y+}S&G-
{y?t.G
y,U}):A
YVv$c{
YWEj!w}k
$yWP;.4
#yy>GH/%
=YYz&9x-W2#
Z.56'+
Z6/soUb
Z6&w`V
z@7ipS
Z#=]Bn@
[z]{bPx
(ZCb(2
ZcNH:r
z+dd1)
zDYEha
_~Zekr
	ZgjyEz
z#gM&+eF<
zI6[x;w
{<ZiD ~$Y
~z{i'U
zIUx2;|
z-j{%W
?Z[K`p
@zLRr}
!z;mN&
zMw|!A5
Z\nU73j
|ZNwF)
?'\ZPc^%
zQv%!H
z	.R!=
ZRL(QZ=}
@Zs?&\
{Z~S!(
ZS	Q'/
zt	R)I
ZU/69I3
|zud\hi
zUE<s<
#?ZwkZB5
\\ZX6An
zX}\[H
:]Zz}<
zz`2]^)
]zZ9vW