Analysis Date: 2014-07-08 07:43:56
MD5: e3787efc06ce806e2840f7dc0c4c33c0
SHA1: bdb5ae4dafcb7a966fa402573ecd709e26ef6ce7

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text md5: 00d527aac9bc9d6496e8d1dd50d92f99 sha1: 4df71c68ffb861ad568211a4519760e03bb62aaf size: 1024
Section .rdata md5: 5e001465d8cd3c885bc984c952e08cb6 sha1: 32ee3ee5d774fd02de6c2a88102ae2ee5e5e4e06 size: 1024
Section .data md5: fc7eb756c1f4b17f16449816cc3cec81 sha1: 2617518e49202d532dae1af9ba05aecfefd1e75b size: 512
Section .rsrc md5: 2d2a907736c5bc5901cd225c009994c4 sha1: e6be8c5541a3254958a0b5b6b950b4ac50dd0ec9 size: 58368
Timestamp: 2014-06-26 11:39:43
PEhash: b4f483da6ed48ce7fc8d956757473c5257e20a82
IMPhash: 4ca0a0adb97211d9334271ded971bdde
AV 360 Safe: Gen:Variant.Kazy.327123
AV Ad-Aware: Gen:Variant.Kazy.327123
AV Alwil (avast): Cutwail-CM [Trj]
AV Arcabit (arcavir): no_virus
AV Authentium: no_virus
AV Avira (antivir): TR/Dropper.Gen
AV CA (E-Trust Ino): Win32/Cutwail.ZaQFdID
AV CAT (quickheal): no_virus
AV ClamAV: no_virus
AV Dr. Web: Trojan.MulDrop3.14959
AV Emsisoft: no_virus
AV Eset (nod32): Win32/Kryptik.CFFF
AV Fortinet: no_virus
AV Frisk (f-prot): no_virus
AV F-Secure: Gen:Variant.Kazy.327123
AV Grisoft (avg): Crypt3.ACAB
AV Ikarus: Trojan.Win32.Kryptik
AV K7: no_virus
AV Kaspersky: Trojan.Win32.Cutwail.ddh
AV MalwareBytes: no_virus
AV Mcafee: RDN/Downloader.a!rq
AV Microsoft Security Essentials: TrojanDownloader:Win32/Cutwail.BS
AV MicroWorld (escan): Gen:Variant.Kazy.327123
AV Norman: winpe/Agent.BDUSS
AV Rising: no_virus
AV Sophos: no_virus
AV Symantec: no_virus
AV Trend Micro: no_virus
AV VirusBlokAda (vba32): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\pavycfalorqi ➝ C:\Documents and Settings\Administrator\pavycfalorqi.exe
Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\AppManagement ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\bcglaw[1].htm
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\ruche-home[1].htm
Creates File: C:\Documents and Settings\Administrator\pavycfalorqi.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\casamolina[1].htm
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\womeningold[1].htm
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\mpccontainment[1].htm
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\chaseinternet[1].htm
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\mailhost.midwestlabs[1].htm
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\coolbsuhouses[1].htm
Creates File: C:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-500\a18ca4003deb042bbee7a40f15e1970b_666939c9-243b-475e-9504-51724db22670
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\leads.com[1].htm
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\blackvoib[1].htm
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\magi-cat[1].htm
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\indianapt[1].htm
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\hermann[1].htm
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\ylbrand[1].htm
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\ecom-jp.co[1].htm
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\industrieundhandelsverlag[1].htm
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\lavenhamhorserugs[1].htm
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\indianapt[1].htm
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\bcglaw[1].htm
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\hermann[1].htm
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\ruche-home[1].htm
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\ylbrand[1].htm
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\casamolina[1].htm
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\ecom-jp.co[1].htm
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\womeningold[1].htm
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\chaseinternet[1].htm
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\mpccontainment[1].htm
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\industrieundhandelsverlag[1].htm
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\mailhost.midwestlabs[1].htm
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\coolbsuhouses[1].htm
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\blackvoib[1].htm
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\lavenhamhorserugs[1].htm
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\magi-cat[1].htm
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: WininetConnectionMutex
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Creates Mutex: pavycfalorqi
Winsock DNS: pancaship.com
Winsock DNS: magi-cat.org
Winsock DNS: systemteknik.se
Winsock DNS: ylbrand.com
Winsock DNS: chaseinternet.com
Winsock DNS: casamolina.com
Winsock DNS: leads.com.my
Winsock DNS: lavenhamhorserugs.com
Winsock DNS: indianapt.com
Winsock DNS: ruche-home.net
Winsock DNS: ccslimited.org.uk
Winsock DNS: industrieundhandelsverlag.de
Winsock DNS: hermann.cz
Winsock DNS: mailhost.midwestlabs.com
Winsock DNS: mpccontainment.com
Winsock DNS: coolbsuhouses.com
Winsock DNS: blackvoib.com
Winsock DNS: ecom-jp.co.jp
Winsock DNS: womeningold.com
Winsock DNS: bcglaw.com

Network Details:

DNS: smtp.glbdns2.microsoft.com, Type: A, 65.55.176.126
DNS: smtp.mail.us.am0.yahoodns.net, Type: A, 98.139.211.125
DNS: smtp.mail.us.am0.yahoodns.net, Type: A, 63.250.193.228
DNS: smtp.mail.us.am0.yahoodns.net, Type: A, 98.138.105.21
DNS: indianapt.com, Type: A, 50.28.36.130
DNS: blackvoib.com, Type: A, 23.106.102.12
DNS: bcglaw.com, Type: A, 202.191.63.90
DNS: smtp.live.com, Type: A
DNS: smtp.mail.yahoo.com, Type: A
DNS: lavenhamhorserugs.com, Type: A
HTTP POST: http://blackvoib.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Flows TCP: 192.168.1.1:1031 ➝ 65.55.176.126:25
Flows TCP: 192.168.1.1:1032 ➝ 98.139.211.125:25
Flows TCP: 192.168.1.1:1035 ➝ 23.106.102.12:80

Raw Pcap


Strings