Analysis Date2014-01-07 17:53:41
MD52519dfaa35353d61f13eadfc09c53de5
SHA18058bc489132e50cc377e75b31b791b991e22c89

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 2c3c4866be727ed04867a8d7011e8c95 sha1: ae6ebf626531a143ac11b5e027179ef06b6e80c1 size: 143872
Section.rsrc md5: ef4b5d3b66dcaf92adda89615819ba62 sha1: 3493458edba773bad7d4262b6eaeda44f82c44bf size: 19456
Timestamp2008-09-09 01:30:05
VersionLegalCopyright: Copyright (C) 2003-2008
InternalName: Freegate
FileVersion: 6, 7, 7, 0
CompanyName: Dynamic Internet Technology, Inc.
PrivateBuild:
LegalTrademarks:
Comments:
ProductName: Freegate Application
SpecialBuild:
ProductVersion: 0, 0, 0, 0
FileDescription: Freegate, Fast and Secure Gateway to Internet Freedom
OriginalFilename:
PackerPECompact 2.0x Heuristic Mode -> Jeremy Collake
PEhash26a5a6fa15ace7d3272154a05795c4c028a26d27

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

RegistryHKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝
NULL
RegistryHKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1 ➝
1
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
RegistryHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SackOpts ➝
1
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File\Device\Afd\AsyncConnectHlp
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates FileC:\fg.ini
Creates FileC:\Documents and Settings\Administrator\Cookies\index.dat
Creates FilePhysicalDrive0
Creates FilePIPE\lsarpc
Creates File\Device\Afd\Endpoint
Creates Mutexc:!documents and settings!administrator!local settings!history!history.ie5!
Creates MutexWininetConnectionMutex
Creates Mutexc:!documents and settings!administrator!cookies!
Creates Mutexc:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock DNSwww.google.com

Network Details:

DNSwww.google.com
Type: A
173.194.67.106
DNSwww.google.com
Type: A
173.194.67.105
DNSwww.google.com
Type: A
173.194.67.104
DNSwww.google.com
Type: A
173.194.67.99
DNSwww.google.com
Type: A
173.194.67.147
DNSwww.google.com
Type: A
173.194.67.103
DNSany-rc.a01.yahoodns.net
Type: A
68.180.206.184
DNSupdate.microsoft.com.nsatc.net
Type: A
65.55.163.221
DNSw61.ziyoulonglive.com
Type: A
DNSw62.ziyoulonglive.com
Type: A
DNSw63.ziyoulonglive.com
Type: A
DNSw64.ziyoulonglive.com
Type: A
DNSw65.ziyoulonglive.com
Type: A
DNSvideo.yahoo.com
Type: A
DNSwindowsupdate.microsoft.com
Type: A
HTTP GEThttp://video.yahoo.com/mypage?s=4897495
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP GEThttp://video.yahoo.com/mypage?s=4897456
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP GEThttp://video.yahoo.com/mypage?s=4861896
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP GEThttp://windowsupdate.microsoft.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Flows UDP192.168.1.1:1031 ➝ 38.99.76.229:53
Flows UDP192.168.1.1:1032 ➝ 38.35.193.158:53
Flows UDP192.168.1.1:1031 ➝ 88.85.74.8:53
Flows UDP192.168.1.1:1032 ➝ 38.65.238.191:53
Flows UDP192.168.1.1:1031 ➝ 211.115.66.121:53
Flows UDP192.168.1.1:1032 ➝ 38.121.7.4:53
Flows UDP192.168.1.1:1031 ➝ 192.88.195.10:53
Flows UDP192.168.1.1:1032 ➝ 38.52.86.4:53
Flows UDP192.168.1.1:1032 ➝ 38.90.52.20:53
Flows UDP192.168.1.1:1031 ➝ 202.27.17.253:53
Flows UDP192.168.1.1:1032 ➝ 38.8.89.139:53
Flows UDP192.168.1.1:1032 ➝ 38.229.52.56:53
Flows UDP192.168.1.1:1031 ➝ 63.90.67.11:53
Flows UDP192.168.1.1:1032 ➝ 38.124.246.93:53
Flows UDP192.168.1.1:1031 ➝ 38.99.76.229:53
Flows UDP192.168.1.1:1032 ➝ 38.169.113.191:53
Flows UDP192.168.1.1:1032 ➝ 38.255.164.59:53
Flows UDP192.168.1.1:1032 ➝ 38.154.10.26:53
Flows UDP192.168.1.1:1032 ➝ 38.187.73.55:53
Flows UDP192.168.1.1:1032 ➝ 38.31.161.238:53
Flows UDP192.168.1.1:1032 ➝ 38.108.170.121:53
Flows UDP192.168.1.1:1032 ➝ 38.155.32.47:53
Flows UDP192.168.1.1:1032 ➝ 38.133.71.220:53
Flows UDP192.168.1.1:1032 ➝ 38.188.56.178:53
Flows UDP192.168.1.1:1032 ➝ 38.210.125.75:53
Flows UDP192.168.1.1:1032 ➝ 38.211.181.4:53
Flows UDP192.168.1.1:1032 ➝ 38.104.12.145:53
Flows UDP192.168.1.1:1032 ➝ 38.227.90.71:53
Flows UDP192.168.1.1:1032 ➝ 38.189.151.150:53
Flows UDP192.168.1.1:1032 ➝ 38.148.218.131:53
Flows UDP192.168.1.1:1032 ➝ 38.33.166.85:53
Flows UDP192.168.1.1:1032 ➝ 38.41.255.155:53
Flows UDP192.168.1.1:1032 ➝ 38.181.225.55:53
Flows UDP192.168.1.1:1032 ➝ 38.64.8.106:53
Flows UDP192.168.1.1:1032 ➝ 38.244.140.201:53
Flows UDP192.168.1.1:1032 ➝ 38.138.151.88:53
Flows UDP192.168.1.1:1032 ➝ 38.27.124.220:53
Flows UDP192.168.1.1:1032 ➝ 38.48.17.114:53
Flows UDP192.168.1.1:1032 ➝ 38.45.90.86:53
Flows UDP192.168.1.1:1032 ➝ 38.60.92.227:53
Flows UDP192.168.1.1:1032 ➝ 38.190.71.167:53
Flows UDP192.168.1.1:1032 ➝ 38.204.197.183:53
Flows UDP192.168.1.1:1032 ➝ 38.205.131.63:53
Flows UDP192.168.1.1:1032 ➝ 38.151.54.94:53
Flows UDP192.168.1.1:1032 ➝ 38.129.129.247:53
Flows UDP192.168.1.1:1032 ➝ 38.25.142.242:53
Flows UDP192.168.1.1:1032 ➝ 38.14.38.100:53
Flows UDP192.168.1.1:1032 ➝ 38.2.148.17:53
Flows UDP192.168.1.1:1032 ➝ 38.78.223.129:53
Flows UDP192.168.1.1:1032 ➝ 38.209.105.242:53
Flows UDP192.168.1.1:1032 ➝ 38.179.244.70:53
Flows TCP192.168.1.1:1033 ➝ 38.99.76.229:53
Flows TCP192.168.1.1:1034 ➝ 88.85.74.8:53
Flows TCP192.168.1.1:1035 ➝ 211.115.66.121:53
Flows TCP192.168.1.1:1036 ➝ 192.88.195.10:53
Flows TCP192.168.1.1:1037 ➝ 202.27.17.253:53
Flows TCP192.168.1.1:1038 ➝ 63.90.67.11:53
Flows TCP192.168.1.1:1039 ➝ 65.49.2.91:443
Flows TCP192.168.1.1:1040 ➝ 65.49.2.96:443
Flows TCP192.168.1.1:1041 ➝ 173.194.67.106:443
Flows TCP192.168.1.1:1042 ➝ 68.180.206.184:80
Flows TCP192.168.1.1:1043 ➝ 68.180.206.184:80
Flows TCP192.168.1.1:1044 ➝ 68.180.206.184:80
Flows UDP192.168.1.1:1045 ➝ 38.99.76.229:53
Flows UDP192.168.1.1:1046 ➝ 38.35.193.158:53
Flows UDP192.168.1.1:1046 ➝ 38.65.238.191:53
Flows UDP192.168.1.1:1045 ➝ 88.85.74.8:53
Flows UDP192.168.1.1:1046 ➝ 38.121.7.4:53
Flows UDP192.168.1.1:1046 ➝ 38.52.86.4:53
Flows UDP192.168.1.1:1045 ➝ 211.115.66.121:53
Flows UDP192.168.1.1:1046 ➝ 38.90.52.20:53
Flows UDP192.168.1.1:1046 ➝ 38.8.89.139:53
Flows UDP192.168.1.1:1045 ➝ 192.88.195.10:53
Flows UDP192.168.1.1:1046 ➝ 38.229.52.56:53
Flows UDP192.168.1.1:1046 ➝ 38.124.246.93:53
Flows UDP192.168.1.1:1045 ➝ 202.27.17.253:53
Flows UDP192.168.1.1:1046 ➝ 38.169.113.191:53
Flows UDP192.168.1.1:1046 ➝ 38.255.164.59:53
Flows UDP192.168.1.1:1045 ➝ 63.90.67.11:53
Flows UDP192.168.1.1:1046 ➝ 38.154.10.26:53
Flows UDP192.168.1.1:1046 ➝ 38.187.73.55:53
Flows UDP192.168.1.1:1046 ➝ 38.31.161.238:53
Flows UDP192.168.1.1:1046 ➝ 38.108.170.121:53
Flows UDP192.168.1.1:1046 ➝ 38.155.32.47:53
Flows UDP192.168.1.1:1046 ➝ 38.133.71.220:53
Flows UDP192.168.1.1:1046 ➝ 38.188.56.178:53
Flows UDP192.168.1.1:1046 ➝ 38.210.125.75:53
Flows UDP192.168.1.1:1046 ➝ 38.211.181.4:53
Flows TCP192.168.1.1:1047 ➝ 65.55.163.221:80
Flows UDP192.168.1.1:1046 ➝ 38.104.12.145:53
Flows TCP192.168.1.1:1048 ➝ 65.55.163.221:80
Flows UDP192.168.1.1:1046 ➝ 38.227.90.71:53
Flows UDP192.168.1.1:1046 ➝ 38.189.151.150:53
Flows UDP192.168.1.1:1046 ➝ 38.148.218.131:53
Flows UDP192.168.1.1:1046 ➝ 38.33.166.85:53
Flows UDP192.168.1.1:1046 ➝ 38.41.255.155:53
Flows UDP192.168.1.1:1046 ➝ 38.181.225.55:53
Flows UDP192.168.1.1:1046 ➝ 38.64.8.106:53
Flows UDP192.168.1.1:1046 ➝ 38.244.140.201:53
Flows UDP192.168.1.1:1046 ➝ 38.138.151.88:53
Flows UDP192.168.1.1:1046 ➝ 38.27.124.220:53
Flows UDP192.168.1.1:1046 ➝ 38.48.17.114:53
Flows UDP192.168.1.1:1046 ➝ 38.45.90.86:53
Flows UDP192.168.1.1:1046 ➝ 38.60.92.227:53
Flows UDP192.168.1.1:1046 ➝ 38.190.71.167:53
Flows UDP192.168.1.1:1046 ➝ 38.204.197.183:53
Flows UDP192.168.1.1:1046 ➝ 38.205.131.63:53
Flows UDP192.168.1.1:1046 ➝ 38.151.54.94:53
Flows UDP192.168.1.1:1046 ➝ 38.129.129.247:53
Flows UDP192.168.1.1:1046 ➝ 38.25.142.242:53
Flows UDP192.168.1.1:1046 ➝ 38.14.38.100:53
Flows UDP192.168.1.1:1046 ➝ 38.2.148.17:53
Flows UDP192.168.1.1:1046 ➝ 38.78.223.129:53
Flows UDP192.168.1.1:1046 ➝ 38.209.105.242:53
Flows UDP192.168.1.1:1046 ➝ 38.179.244.70:53

Raw Pcap
0x00000000 (00000)   02                                    .

0x00000000 (00000)   02                                    .

0x00000000 (00000)   02                                    .

0x00000000 (00000)   02                                    .

0x00000000 (00000)   02                                    .

0x00000000 (00000)   02                                    .

0x00000000 (00000)   1603                                  ..

0x00000000 (00000)   804c0103                              .L..

0x00000000 (00000)   1603                                  ..

0x00000000 (00000)   47455420 2f6d7970 6167653f 733d3438   GET /mypage?s=48
0x00000010 (00016)   39373439 35204854 54502f31 2e310d0a   97495 HTTP/1.1..
0x00000020 (00032)   41636365 70743a20 2a2f2a0d 0a416363   Accept: */*..Acc
0x00000030 (00048)   6570742d 4c616e67 75616765 3a207a68   ept-Language: zh
0x00000040 (00064)   2d636e0d 0a557365 722d4167 656e743a   -cn..User-Agent:
0x00000050 (00080)   204d6f7a 696c6c61 2f342e30 2028636f    Mozilla/4.0 (co
0x00000060 (00096)   6d706174 69626c65 3b204d53 49452036   mpatible; MSIE 6
0x00000070 (00112)   2e303b20 57696e64 6f777320 4e542035   .0; Windows NT 5
0x00000080 (00128)   2e313b20 53563129 0d0a486f 73743a20   .1; SV1)..Host: 
0x00000090 (00144)   76696465 6f2e7961 686f6f2e 636f6d0d   video.yahoo.com.
0x000000a0 (00160)   0a436f6e 6e656374 696f6e3a 20436c6f   .Connection: Clo
0x000000b0 (00176)   73650d0a 0d0a581c 1470f587 d023cd61   se....X..p...#.a
0x000000c0 (00192)   5b9915d2 02fc2d74 e9ea3722 03b7920c   [.....-t..7"....
0x000000d0 (00208)   37c34748 52032609 d7170e67 139a6a3f   7.GHR.&....g..j?
0x000000e0 (00224)   55845c1e acc2f222 b8262350 65751011   U.\....".&#Peu..
0x000000f0 (00240)   11b575e9 5c07ca51 4549ec25 2757bdba   ..u.\..QEI.%'W..
0x00000100 (00256)   7e85fa5d 3bd7805c 9853af12 60b746a7   ~..];..\.S..`.F.
0x00000110 (00272)   d2f6c451 66f22fe4 568f2c01 602a9b7c   ...Qf./.V.,.`*.|
0x00000120 (00288)   91eaa84a cb85ad5a 2593570f 9d3b7897   ...J...Z%.W..;x.
0x00000130 (00304)   03b613ae 014e275c 81f82dad 5089b693   .....N'\..-.P...
0x00000140 (00320)   44a281fe a53daefc aecab7f9 86ed1281   D....=..........
0x00000150 (00336)   5ffd8d17 b6f6971b ddf13be7            _.........;.

0x00000000 (00000)   47455420 2f6d7970 6167653f 733d3438   GET /mypage?s=48
0x00000010 (00016)   39373435 36204854 54502f31 2e310d0a   97456 HTTP/1.1..
0x00000020 (00032)   41636365 70743a20 2a2f2a0d 0a416363   Accept: */*..Acc
0x00000030 (00048)   6570742d 4c616e67 75616765 3a207a68   ept-Language: zh
0x00000040 (00064)   2d636e0d 0a557365 722d4167 656e743a   -cn..User-Agent:
0x00000050 (00080)   204d6f7a 696c6c61 2f342e30 2028636f    Mozilla/4.0 (co
0x00000060 (00096)   6d706174 69626c65 3b204d53 49452036   mpatible; MSIE 6
0x00000070 (00112)   2e303b20 57696e64 6f777320 4e542035   .0; Windows NT 5
0x00000080 (00128)   2e313b20 53563129 0d0a486f 73743a20   .1; SV1)..Host: 
0x00000090 (00144)   76696465 6f2e7961 686f6f2e 636f6d0d   video.yahoo.com.
0x000000a0 (00160)   0a436f6e 6e656374 696f6e3a 20436c6f   .Connection: Clo
0x000000b0 (00176)   73650d0a 0d0a0a20 203c2f68 6561643e   se.....  </head>
0x000000c0 (00192)   0a20203c 626f6479 3e0a2020 20203c68   .  <body>.    <h
0x000000d0 (00208)   313e4e6f 7420466f 756e643c 2f68313e   1>Not Found</h1>
0x000000e0 (00224)   0a202020 203c703e 596f7572 2062726f   .    <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f6d7970 6167653f 733d3438   GET /mypage?s=48
0x00000010 (00016)   36313839 36204854 54502f31 2e310d0a   61896 HTTP/1.1..
0x00000020 (00032)   41636365 70743a20 2a2f2a0d 0a416363   Accept: */*..Acc
0x00000030 (00048)   6570742d 4c616e67 75616765 3a207a68   ept-Language: zh
0x00000040 (00064)   2d636e0d 0a557365 722d4167 656e743a   -cn..User-Agent:
0x00000050 (00080)   204d6f7a 696c6c61 2f342e30 2028636f    Mozilla/4.0 (co
0x00000060 (00096)   6d706174 69626c65 3b204d53 49452036   mpatible; MSIE 6
0x00000070 (00112)   2e303b20 57696e64 6f777320 4e542035   .0; Windows NT 5
0x00000080 (00128)   2e313b20 53563129 0d0a486f 73743a20   .1; SV1)..Host: 
0x00000090 (00144)   76696465 6f2e7961 686f6f2e 636f6d0d   video.yahoo.com.
0x000000a0 (00160)   0a436f6e 6e656374 696f6e3a 20436c6f   .Connection: Clo
0x000000b0 (00176)   73650d0a 0d0a0a20 203c2f68 6561643e   se.....  </head>
0x000000c0 (00192)   0a20203c 626f6479 3e0a2020 20203c68   .  <body>.    <h
0x000000d0 (00208)   313e4e6f 7420466f 756e643c 2f68313e   1>Not Found</h1>
0x000000e0 (00224)   0a202020 203c703e 596f7572 2062726f   .    <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a32 bf65636e 40ab0881   /html>.2.ecn@...
0x000001a0 (00416)   18c93fc2 69ca1c31 10f9febd 4a62378a   ..?.i..1....Jb7.
0x000001b0 (00432)   9c881e90 bc4bf2c5 878b7460 ca1f42f0   .....K....t`..B.
0x000001c0 (00448)   dd279968 9bc597f9 d3826a5b eda3c71f   .'.h......j[....
0x000001d0 (00464)   8eb49a18 980c94e6 5ad0fa47 e4858c47   ........Z..G...G
0x000001e0 (00480)   72cd9785 573484ca fc6a90c4 b643807f   r...W4...j...C..
0x000001f0 (00496)   2ed0abe0 ebf85f9c 033b1c1f 48f753c5   ......_..;..H.S.
0x00000200 (00512)   cb1340a5 9619ca94 2b2318ec ae674670   ..@.....+#...gFp
0x00000210 (00528)   b3b2fb                                ...

0x00000000 (00000)   47455420 2f204854 54502f31 2e310d0a   GET / HTTP/1.1..
0x00000010 (00016)   41636365 70743a20 2a2f2a0d 0a416363   Accept: */*..Acc
0x00000020 (00032)   6570742d 4c616e67 75616765 3a207a68   ept-Language: zh
0x00000030 (00048)   2d636e0d 0a557365 722d4167 656e743a   -cn..User-Agent:
0x00000040 (00064)   204d6f7a 696c6c61 2f342e30 2028636f    Mozilla/4.0 (co
0x00000050 (00080)   6d706174 69626c65 3b204d53 49452036   mpatible; MSIE 6
0x00000060 (00096)   2e303b20 57696e64 6f777320 4e542035   .0; Windows NT 5
0x00000070 (00112)   2e313b20 53563129 0d0a486f 73743a20   .1; SV1)..Host: 
0x00000080 (00128)   77696e64 6f777375 70646174 652e6d69   windowsupdate.mi
0x00000090 (00144)   63726f73 6f66742e 636f6d0d 0a436f6e   crosoft.com..Con
0x000000a0 (00160)   6e656374 696f6e3a 20436c6f 73650d0a   nection: Close..
0x000000b0 (00176)   0d0a0d0a 0d0a0a20 203c2f68 6561643e   .......  </head>
0x000000c0 (00192)   ffffffff 626f6479 3e0a2020 20203c68   ....body>.    <h
0x000000d0 (00208)   313e4e6f 7420466f 80d33976 6e7f       1>Not Fo..9vn.


Strings
0, 0, 0, 0
040904b0
6, 7, 7, 0
Comments
CompanyName
Copyright (C) 2003-2008
Dynamic Internet Technology, Inc.
FileDescription
FileVersion
Freegate
Freegate Application
Freegate, Fast and Secure Gateway to Internet Freedom
InternalName
LegalCopyright
LegalTrademarks
OriginalFilename
PrivateBuild
ProductName
ProductVersion
SpecialBuild
StringFileInfo
Translation
VarFileInfo
VS_VERSION_INFO
)@@*(,(
{$! -"
0F3`\l
0!Kptb
~188881~
1CIt$M
1k3G]W
1W:+]\
!	1y+cn%
2&.|5p`
2\<(-MUUVVVV
38%`\2<
+3Pg(I
@3X>,P
5q.mMs
{["-6#
6D1y$?["
~8880000/01
8I<eHw
8K(v X
9jLSbF
9: .n3
9n*Du	
a`}1,)
+(a3W@
!ab;}W.
a@f;3t
AgZU{W
azo 8>
B~3Pws/
bP`"2T
@-c	(n
D5LYi	
^d*]p9
`DS-T@:
%Dx9de
>E>6Eq
!eg:3#
 ErCF=
,F)N*?
Fx>M[C
G<3u ]O1
-G!5BN
G''+9T
GetProcAddress
\gr@$.e
:~GUmx[
<;>H#&
h"51i@
hdWTZis
HfCu	v
%H}v)f
H,<W b
hyBM8{
iH#q83=P
%$Im]w
i@@@,-P
"	IP0C
I&s y9
i@;ZYd
j*}ch>O
JMx0e*S
`{!jp|
kernel32.dll
K{;,Gt
k	I3F M
!.[K<r
.?kU>#
-/l*'8
.LA5$5
lB@wJ?
LJg@DO
l#K;BT
LoadLibraryA
lO[X5x
:.L/u]
M%BDaQ
MDVfp<
\M*ekX(
MLKDc: 
mofw|#1
N34;2#
;]NGB7.
n&`_q?
|";NV<%/
o7);<sm
oA!eW-
[o^IY@
[OW?]R
P0j,Zm?
pD71j-
<p\DfU
PEC2=O
PECompact2
.^P;&%H
P-@U@VAVX
q-@dkK
QMb+a:
>qRbC!?
Q)~sg}d
qU@GJdkM
q(XDp]
QX]kfmgzC
Qz@FaTB,s
R9w`fY	5
rc l[<
r)H;5f
r+?_>I
RjJCvb
r OFu[
:Rt~@n
rUK#Js
<s[D&K
sNh-e``R
S;-+P5**
T2eb_F
=	t#6`
;_TFi~
T@,GO#
!This program cannot be run in DOS mode.
-<u@	\
_U@=4X
\!-_ua
U:]e?9
umxxmu
._u'o^`
USQWVR
u*	T+r
UVVVWX
` ({_"v
v=3m+_
VAgM1<
Vb)M2;
VirtualAlloc
VirtualFree
vjBI\B
:Vl3T2[
]VrDt\
\V(]ZH
W5''[-P
w5q*jCms
Wjt$`!7]
w`r3K@
wY&4[R
xb]H))s,
Xf%g){
\XSu)9]
Y2Hbg5
y5=?'%
 Y\Bhr
|YmSvGM
Yw1<0R-
YYu|9E
Z/c:I'
?ZCl6u
zc+(N@
Zfi2Da`?gH
ZkC-$Y
Z^_Y[]