Analysis Date2014-07-06 07:38:05
MD5debfca6630f239c118db1dee6707e125
SHA120a71d3ede31c6c9657ef51f83f89e82236df378

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: f94c0e28e928a9d6bb37db8177048595 sha1: cdc235518c093d910806cbea31d9fb7faf40945b size: 1024
Section.rdata md5: 5e001465d8cd3c885bc984c952e08cb6 sha1: 32ee3ee5d774fd02de6c2a88102ae2ee5e5e4e06 size: 1024
Section.data md5: fc7eb756c1f4b17f16449816cc3cec81 sha1: 2617518e49202d532dae1af9ba05aecfefd1e75b size: 512
Section.rsrc md5: c03e5c87f0229a6b1ca2fabfd78c3058 sha1: b10dd38e5c61f63d9901423f6c632305fa41a748 size: 58368
Timestamp2014-06-26 11:38:10
PEhashb4f483da6ed48ce7fc8d956757473c5257e20a82
IMPhash4ca0a0adb97211d9334271ded971bdde
AV360 SafeGen:Variant.Kazy.327123
AVAd-AwareGen:Variant.Kazy.327123
AVAlwil (avast)Cutwail-CM [Trj]
AVArcabit (arcavir)no_virus
AVAuthentiumno_virus
AVAvira (antivir)TR/Dropper.Gen
AVCA (E-Trust Ino)no_virus
AVCAT (quickheal)no_virus
AVClamAVno_virus
AVDr. WebTrojan.MulDrop3.14959
AVEmsisoftno_virus
AVEset (nod32)Win32/Kryptik.CFFF
AVFortinetW32/Cutwail.DDU!tr
AVFrisk (f-prot)no_virus
AVF-SecureGen:Variant.Kazy.327123
AVGrisoft (avg)Crypt3.ABVS
AVIkarusTrojan.Win32.Kryptik
AVK7Trojan ( 0049c2dc1 )
AVKasperskyTrojan.Win32.Cutwail.ddu
AVMalwareBytesno_virus
AVMcafeeRDN/Downloader.a!rq
AVMicrosoft Security EssentialsTrojanDownloader:Win32/Cutwail.BS
AVMicroWorld (escan)Gen:Variant.Kazy.327123
AVNormanwinpe/Agent.BDUSS
AVRisingno_virus
AVSophosMal/Generic-L
AVSymantecno_virus
AVTrend Microno_virus
AVVirusBlokAda (vba32)no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

RegistryHKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\geryxocaqukk ➝
C:\Documents and Settings\Administrator\geryxocaqukk.exe
RegistryHKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝
NULL
RegistryHKEY_CURRENT_USER\software\microsoft\windows\currentversion\AppManagement ➝
NULL
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\mauigiftbaskets[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\daisho[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\emailsherri[1].htm
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-500\a18ca4003deb042bbee7a40f15e1970b_666939c9-243b-475e-9504-51724db22670
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\tbl.com[1].htm
Creates FileC:\Documents and Settings\Administrator\Cookies\index.dat
Creates FilePIPE\lsarpc
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\lotcottages[1].htm
Creates File\Device\Afd\Endpoint
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\americangeriatrics[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\kassoft[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\sterlingfoundations[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\indianapt[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\manten-shirasu[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\thailand-hotelreservation[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\doerrsiding[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\capacitacionypnd[1].htm
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\kin-sei[1].htm
Creates FileC:\Documents and Settings\Administrator\geryxocaqukk.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\zonamacorisana[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\indianapt[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\mauigiftbaskets[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\manten-shirasu[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\daisho[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\thailand-hotelreservation[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\doerrsiding[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\emailsherri[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\capacitacionypnd[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\tbl.com[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\lotcottages[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\kin-sei[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\zonamacorisana[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\kassoft[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\americangeriatrics[1].htm
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\sterlingfoundations[1].htm
Creates Mutexc:!documents and settings!administrator!local settings!history!history.ie5!
Creates MutexWininetConnectionMutex
Creates Mutexc:!documents and settings!administrator!cookies!
Creates Mutexc:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Creates Mutexgeryxocaqukk
Winsock DNSamericangeriatrics.org
Winsock DNSmauigiftbaskets.com
Winsock DNSkassoft.cz
Winsock DNShsanmiguel.com
Winsock DNStbl.com.mx
Winsock DNSthailand-hotelreservation.com
Winsock DNScleillc.com
Winsock DNSdoerrsiding.com
Winsock DNSdaisho.info
Winsock DNSindianapt.com
Winsock DNSmanten-shirasu.com
Winsock DNSemailsherri.com
Winsock DNSzonamacorisana.com
Winsock DNSmarianaresort.com
Winsock DNScapacitacionypnd.com
Winsock DNSdukecom.com
Winsock DNSkin-sei.com
Winsock DNSsterlingfoundations.com
Winsock DNSambleharbourguesthouse.co.uk
Winsock DNSlotcottages.com

Network Details:

DNSsmtp.glbdns2.microsoft.com
Type: A
65.55.176.126
DNSsmtp.mail.us.am0.yahoodns.net
Type: A
98.139.211.125
DNSsmtp.mail.us.am0.yahoodns.net
Type: A
63.250.193.228
DNSsmtp.mail.us.am0.yahoodns.net
Type: A
98.138.105.21
DNScapacitacionypnd.com
Type: A
69.64.81.51
DNSmanten-shirasu.com
Type: A
59.106.27.179
DNSsmtp.live.com
Type: A
DNSsmtp.mail.yahoo.com
Type: A
DNSkassoft.cz
Type: A
DNSthailand-hotelreservation.com
Type: A
DNSkin-sei.com
Type: A
DNSdaisho.info
Type: A
HTTP POSThttp://manten-shirasu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Flows TCP192.168.1.1:1031 ➝ 65.55.176.126:25
Flows TCP192.168.1.1:1032 ➝ 98.139.211.125:25
Flows TCP192.168.1.1:1037 ➝ 59.106.27.179:80

Raw Pcap
0x00000000 (00000)   504f5354 202f2048 5454502f 312e310d   POST / HTTP/1.1.
0x00000010 (00016)   0a416363 6570743a 202a2f2a 0d0a4163   .Accept: */*..Ac
0x00000020 (00032)   63657074 2d4c616e 67756167 653a2065   cept-Language: e
0x00000030 (00048)   6e2d7573 0d0a436f 6e74656e 742d5479   n-us..Content-Ty
0x00000040 (00064)   70653a20 6170706c 69636174 696f6e2f   pe: application/
0x00000050 (00080)   6f637465 742d7374 7265616d 0d0a436f   octet-stream..Co
0x00000060 (00096)   6e74656e 742d4c65 6e677468 3a203538   ntent-Length: 58
0x00000070 (00112)   360d0a55 7365722d 4167656e 743a204d   6..User-Agent: M
0x00000080 (00128)   6f7a696c 6c612f34 2e302028 636f6d70   ozilla/4.0 (comp
0x00000090 (00144)   61746962 6c653b20 4d534945 20362e30   atible; MSIE 6.0
0x000000a0 (00160)   3b205769 6e646f77 73204e54 20352e31   ; Windows NT 5.1
0x000000b0 (00176)   3b205356 31290d0a 486f7374 3a206d61   ; SV1)..Host: ma
0x000000c0 (00192)   6e74656e 2d736869 72617375 2e636f6d   nten-shirasu.com
0x000000d0 (00208)   0d0a436f 6e6e6563 74696f6e 3a204b65   ..Connection: Ke
0x000000e0 (00224)   65702d41 6c697665 0d0a4361 6368652d   ep-Alive..Cache-
0x000000f0 (00240)   436f6e74 726f6c3a 206e6f2d 63616368   Control: no-cach
0x00000100 (00256)   650d0a0d 0a474f41 3058394a 32345264   e....GOA0X9J24Rd
0x00000110 (00272)   7549784e 61686169 37347455 54792b30   uIxNahai74tUTy+0
0x00000120 (00288)   694f3433 324a726f 6e4c324c 4d716f38   iO432JronL2LMqo8
0x00000130 (00304)   684d4c46 7973714f 3266556b 34416e49   hMLFysqO2fUk4AnI
0x00000140 (00320)   58413070 770d0a41 50333679 67384630   XA0pw..AP36yg8F0
0x00000150 (00336)   30755779 73634546 54334773 35484b37   0uWyscEFT3Gs5HK7
0x00000160 (00352)   497a634b 71627a57 4a473953 6e487559   IzcKqbzWJG9SnHuY
0x00000170 (00368)   66757042 48416b51 5a6b6c4b 55356563   fupBHAkQZklKU5ec
0x00000180 (00384)   5a76516e 706b520d 0a4f325a 3872774e   ZvQnpkR..O2Z8rwN
0x00000190 (00400)   59544854 47325049 2f583555 2f75746b   YTHTG2PI/X5U/utk
0x000001a0 (00416)   64535174 59426e44 4f694755 612f644d   dSQtYBnDOiGUa/dM
0x000001b0 (00432)   5330645a 564a7141 31535351 5a2b6379   S0dZVJqA1SSQZ+cy
0x000001c0 (00448)   562b4956 792b4673 5a0d0a64 6f51386d   V+IVy+FsZ..doQ8m
0x000001d0 (00464)   57627761 44663531 52443072 614d7372   WbwaDf51RD0raMsr
0x000001e0 (00480)   63306632 39625177 3749416f 79514234   c0f29bQw7IAoyQB4
0x000001f0 (00496)   5174444d 574e546a 316e7a70 574a4b71   QtDMWNTj1nzpWJKq
0x00000200 (00512)   6979542f 62307737 677a2f0d 0a743748   iyT/b0w7gz/..t7H
0x00000210 (00528)   70775444 5961575a 78757250 52556b52   pwTDYaWZxurPRUkR
0x00000220 (00544)   6e4f5474 76757730 584a5571 53746543   nOTtvuw0XJUqSteC
0x00000230 (00560)   334f6541 37385376 68595343 4f4e344d   3OeA78SvhYSCON4M
0x00000240 (00576)   6e6d342b 65727558 4f646433 670d0a58   nm4+eruXOdd3g..X
0x00000250 (00592)   6f572f35 2f487a30 74763373 72424d50   oW/5/Hz0tv3srBMP
0x00000260 (00608)   55476736 68736a4d 7a324762 594f2b63   UGg6hsjMz2GbYO+c
0x00000270 (00624)   65467049 6932435a 46626d46 714c4a54   eFpIi2CZFbmFqLJT
0x00000280 (00640)   794a4956 59346642 424e4275 56616b0d   yJIVY4fBBNBuVak.
0x00000290 (00656)   0a34616d 57723941 574d636a 766f5248   .4amWr9AWMcjvoRH
0x000002a0 (00672)   794c6c41 304b624b 6e797373 72415a56   yLlA0KbKnyssrAZV
0x000002b0 (00688)   56654c6d 326e796b 68664a34 6a754346   VeLm2nykhfJ4juCF
0x000002c0 (00704)   5650776a 2f386738 4b726f64 2f73616b   VPwj/8g8Krod/sak
0x000002d0 (00720)   4c0d0a70 51735766 6d2f6674 46756674   L..pQsWfm/ftFuft
0x000002e0 (00736)   4c786953 6d595936 7045754a 572b6454   LxiSmYY6pEuJW+dT
0x000002f0 (00752)   6963706b 48673576 524a4f77 334a4461   icpkHg5vRJOw3JDa
0x00000300 (00768)   596a594f 74506452 38713366 74716576   YjYOtPdR8q3ftqev
0x00000310 (00784)   3633760d 0a7a5272 394d306f 595a7561   63v..zRr9M0oYZua
0x00000320 (00800)   54415257 6a367943 77727843 56754550   TARWj6yCwrxCVuEP
0x00000330 (00816)   6153624b 46317434 556a6461 4d732f67   aSbKF1t4UjdaMs/g
0x00000340 (00832)   4e683776 632f6548 6a30673d 3d0d0a     Nh7vc/eHj0g==..


Strings
.W.
.
5WA	
&about highnesses
absolutely tribulations enticing
&accent
actress sufferance
&admire ambition
advice
&advise matter
affair
&affair
again
&aggressive rolled
&ahead;
&alone before
&always
&Americas Sherringham
amused
&angry unburdened
antidote eyeglass
&anything
appealed
&appear else--the
&artistic everything
&artist remained
aspirant gloves
&assent
august;
&beautiful expressed
&beauty
&because
before
&before
Before
&Before
&before rested
&belongs shouldnt
benevolent
better
&between perfectly
blowing
&bottom
&bright preference
&broken femmes
brother pockets delicate
brought
bungled abroad caring
business
&business moment
&canvas myself
&career
&career action--for
&carried continuance
&case--well daresay
challenge
character
&charmed
&charmed Biddy
&cherished no--everythings
&coachman
&coming
&companion
&compelled pleasure
competent engaged
comprehensible
computers
&comrades
comrades everything
conceded unhappy
&connexions
&conscious
&consented
&consideration Sherringham
contradicted assumed
&counted
&country-houses
&country should
covered
&creatures medals
&curiosity
curiosity synonymous
curve;
cushioned clever Better
Dashwood window charming,gentleman staring to-day; imputing presently	surprised
&dazzling
&deceit
&deeper novels
&definitely
degree
delighted
&delightful improper
&deluded laughed
&demonstration
&describe--if
destined
&device fondness
&dining
&disaster talent;
&disclaimers interests
&discouraging
&dispersal
&Dormer
&Dormer worthy
&drama;
&draught
droll vision produced audibly
&dropped hastily
During simpler stockbroker version
easily
&education
&effort
embodied
embraced
&embroidery lingered
enough
&enough
enough dreadful memory:health before anything perform expenses minister literally
entity
&epitome
essence
&events
everything
&Everythings proposed
&exactly
&exasperated
excellent Carr?? casual
&exertions
explained returned
extraordinarily
&face--in moving
&failed straight
&father delightful
&favour
&felicities before
&fellow
figure
&figuring began
flatness
&flowers
fondly celebrated
&forbore
formats bravely
formed
&Foundation effective
frankly library
functionaries
&further
future
&Gabriel humbugging
Gabriel question
general action
&general appearance
genius--he
&gentility suspicion
getting fondly struck esteemed'memories forward course invitation--and(protection abreast humiliations derision$lingering looked precisely observing2Fran?ais come--to proofs because morning pretended0domestic rudiment before during Martins reportedEthree-quarters learned indebted electricities otherwise theres excess
&gowns flaxen
graces though
&grind
&hand-bills
handsome disagree seemed
&Harsh Nicholas
&havent interesting
havent thing
hearing
heroic
&herself
herself seemed mornings never--never
&himself excuse
history
&honour Madame
house
&house
&houses
how--but definitely
however
&however tasteful
hundred
hushed paradoxical
&imagination
immediately mother
impugn are--and
&impugned impression
&inferior
&infinitely
&innocent absolutely
&inscrutably dreadful
&insistently again
&interesting
&interesting bargain
intrude
irrepressible should yours--and
&irresistible reflexion
Juliet
&junior retract
&justice--something
&justly smiling
&kindly volume
knew--I however
ladder
&ladies
&large really
&lawn-tennis returned
&leaning ardent
&length regarded
&letters Havent
LIABILITY
&liberty middle
&life--shes inanity
likely Biddys
&Little
&little short
living Beauclere
London
&London brought
&looked;
looking
&lumped
madam
mainly repeat
&making
masquerade
matter
&matter beside
&matters
means
&meant
&measurements having
&member--am analysis
&mince-meat rooms
&minds holding
Miriam
Miriams
&misfortune
&modest
&modulation
moment
moment tawdry
morning agitated
&morning picture
morning truth
&mother
&mother rather
mothers Gabriel
MS Shell Dlg
&mystery
&neither
nothing
&nothing
nudity smiled
&nutshell
object--a hoping
obstructed
obtaining
&occasion tongue
&occupied
&occurred
opposition believe
&overlooked predecessor
&Paris
particular
&particular
parts friend
patience echoed activity
&people actuality
&perfectly certain--that
performer
&perhaps greater
&personage
&persons behalf
&persuade understood
&Peter
Peters beyond gold-headed6compared delightful Hawthorne little emphasised wooden;finding engaged covertly vaguely dependent trains characterLinstinct mistake--it finished bewildered--there souffle English objurgations
phrased ignorance
please resistance
pleasure
&poets--he
point--he actress
points places wonderfully should
&prepared sacrifice
pressed however
&pressed superior
&pretend
privately suspicion
probably
produced continued
&professional laughing
&Project
&Project women
&pronounced
&proprietress favours
purest stick
pushed
&quantum
&rather
reached
&really Certainly
&recognise side--you
reflexion notice
&regarded preparations
rehearsals challenge gathered
relieve
remain displaying thicknesses
&remarkably recognise
&remember
&remembered
&remonstrance
&repeat determination
replied
&reproducing
resistance rather
&responsible
&resting before
resumed
&returned
returned showed
return snubbed expression
RichEdit20A
&rising
&routed styles
sadly;
&saloon
&salutation affair
satirists apartments
&scene jolly
screw
searched
&seated violently
second
sensibility torment
series discuss
serious
shameful American through critic
Sherringham
&should
&should stayed
&sickly relieved
&silent daresay
sister things burning loosened
situation
slight
smashed settle
&so--he slightly
&something
sometimes almost
&splashes picture
stage
&statesman easily
station remember
&stirred
&story encourage
&Street occurred
streets
&strong Biddys
&struck
&subject
&subtle
success
suffering simply
&suggest have--you
&superseded repeated
support
&support
&surprise
surprise3perverse struck dance liking things offered thought8mother theatres associated represent--societies remember
susceptibility public
SysListView32
&table
Tahoma
&taking
talking
&talking
taste
&tasted
&temper acquaintance
&tenderness
terrible myself
&theatrical admired
&them--they
there quick
theres
&Theyll
&Theyre comparatively
&things
&things ladies
&things result
thinking
think turned minute
though
?though scraping portrait profession discretion Section opposite#Julias extent abatements individual!beside impulse ridiculous recites:visitors standing inmates Gutenberg-tm Because deliciously%submissions irritation friend bon--ah1happened struggle added things--which little--you
&thought
&throb connexion
&through havent
&thrust
tormented watery
&touches
&tragedian again;
tragic
&travel pointed
&treatise earned
trees relaxed
tremendous
turned
&turned offer--to
&uglier mother
unannounced display
unexpected fellow
&uniform futile
vaguely turning
Vavasour thing
vehemence irritation moment needed
&veiled
&vicissitudes courage
virtue
vision determined
vividly mystifying
Voyons--do
&wandered
wanted added
wanted whatever
well--youve struck
which<him--told colour English Juliet--take behind exclusion crawl0night Sherringham--when settle fiercely choosing4expression quitted paragraph nothing dealings should:invent little charity--give younger alone clever--I looked,little extent--I pertinacity removing hardly3confidence recognised though goose something circle
&whirled
whole Archive coloured havent
&window putting
wiser little
without
&without account
&without within
woman culture contradicted tongue
&world daresay
&wouldnt natural
wounded curious
&written
yards Miriam
&you--I grossness
0HjktQu]
1NCdN5	
2#=A}<*;
2('[LVYafd{G@BMMZ@Ostna
&50h\Yzug
%5i86tHO
7L$C-g
7zhyY 
8 lT|=
$8qx1<
[!9{9w?
9"l5m#
aNf&~L
B	&8:n
(bIGiyI
BitBlt
c\dHI@$
CreateCompatibleDC
CreateWindowExA
csv		JH
@.data
Dau-hYcx
DefWindowProcA
De~$h>
DeleteDC
$d	hnUev
DispatchMessageA
)E}5yT
>eHpwO
EndPaint
.ewkBf
Ex7RIe
f^9d,qz7
F<;aQS
FindResourceA
fP34{'
gdi32.dll
GetClientRect
GetCurrentProcessId
GetMessageA
GetModuleHandleA
GetProcessHeap
HeapAlloc
HE"YC5
\i69$@
&ik&@H
I=T^@:
JenausisFalisious
!J)j*-
JKVteG
[JMi?YPw
j|O_(V]IF`kctJIMBDGG@~u
jT/di-	
K[:]=_a
:Kdk,B
kernel32.dll
KillTimer
k><U^2
l9Y1gf
LoadCursorA
LoadIconA
LoadResource
M2IQ=(~M_n9!4(/d
-M5"' 
|MCBF;
!M{@/:@o
M-[*$O
_NEm+r
n-G')-
OcD*gG
^Oogin8
PC mP~
P|h#tDj
==PIe1
PostQuitMessage
qdwOgb
.*Q/k_>*&
|Q M))
`.rdata
RegisterClassExA
+r/<Hx>M
SelectObject
SetTimer
ShowWindow
SklSpcS
sn)M:u
!This program cannot be run in DOS mode.
TranslateMessage
-$txmA
UpdateWindow
user32.dll
/V#5;f
vA*u"h
VQ2l7B
w4*q/b
|WHZ,O
WR{gji
W<? #.x
@X|E12Q~ 
~xEU@v
xf_WR$)MLrccvpMI@^GOz
XG1U*E
x&mNHh
%x]N|	a
XXpaqh
Z\S&k*