Analysis Date: 2014-03-03 03:51:39
MD5: c4f556d40d3ad708e1b223606811780f
SHA1: c3a97ad929d8061ad1261ad5d253fbefc5d6a2ed

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section UPX0: md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0 (these are the MD5 and SHA1 of empty input; the section has no raw data on disk, so the values do not identify this sample)
Section UPX1: md5: 651807f6b5c7120ed7188229d456a695 sha1: 23462d74c475fc1a7902fc477345191ed640dd99 size: 486400
Section .rsrc: md5: 5e1e7217a4adb9dc3145383fe898bd9b sha1: 1de9b03fba3ca7d007e2314dda9ef6aa3911bdfe size: 17920
Timestamp: 2011-04-24 07:07:20
Version:
LegalCopyright: 蓝宝石软件 版权所有
FileVersion: 8.0.0.0
CompanyName: 蓝宝石软件
Comments: 本程序使用易语言编写(http://www.eyuyan.com)
ProductName: 网吧语音服务大师 8.0 客户端程序
ProductVersion: 8.0.0.0
FileDescription: 最专业使用最为广泛的网吧语音服务软件。
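Packer: UPX -> www.upx.sourceforge.net
PEhash: fe8f27d88ea9bfda6ebfc1a5d773d6565204918a
IMPhash: ed81bf0539b0601258ef15469170c091 (computed on the UPX-packed file, so it likely reflects the packer stub's import table and may match unrelated UPX-packed files)
AV avg: SHeur4.CZU
AV mcafee: Flyagent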

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\c3a97ad929d8061ad1261ad5d253fbefc5d6a2ed ➝ C:\malware.exe\\x00
(an autostart entry under the Run key; the value name is the sample's SHA1 listed above)
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates File: \Device\Afd\AsyncConnectHlp
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: WininetConnectionMutex
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Note: the index.dat files, the \Device\Afd handles and the mutexes above are routine side effects of WinINet/Winsock use by any process and are not specific to this sample.
Winsock DNS: user.hylbs.com
Winsock DNS: www.hylbs.com

Network Details:

DNS: 5a453ae9c28d1785.cdn.jiashule.com
Type: A
222.216.190.60
DNS: 5a453ae9c28d1785.cdn.jiashule.com
Type: A
222.216.190.64
DNS: dnspod-free.mydnspod.net
Type: A
54.248.143.107
DNS: dnspod-free.mydnspod.net
Type: A
54.248.82.230
DNS: www.hylbs.com
Type: A
DNS: user.hylbs.com
Type: A
HTTP GET: http://www.hylbs.com/update/newversion.txt
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP GET: http://user.hylbs.com/update/newversion.txt
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP GET: http://www.hylbs.com/lbs/logoff.txt
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP GET: http://user.hylbs.com/lbs/logoff.txt
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP GET: http://www.hylbs.com/lbs/logon.txt
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP GET: http://user.hylbs.com/lbs/logon.txt
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Flows TCP: 192.168.1.1:1031 ➝ 222.216.190.60:80
Flows TCP: 192.168.1.1:1032 ➝ 54.248.143.107:80
Flows TCP: 192.168.1.1:1033 ➝ 222.216.190.60:80
Flows TCP: 192.168.1.1:1034 ➝ 54.248.143.107:80
Flows TCP: 192.168.1.1:1035 ➝ 222.216.190.60:80
Flows TCP: 192.168.1.1:1036 ➝ 54.248.143.107:80

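Raw Pcap (each dump is one captured HTTP request; the bytes trailing some requests are a fragment of an HTML error page reading "No such file or directory" with a Microsoft-IIS/7.0 footer, which may indicate the server returned an error page rather than the requested file)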
0x00000000 (00000)   47455420 2f757064 6174652f 6e657776   GET /update/newv
0x00000010 (00016)   65727369 6f6e2e74 78742048 5454502f   ersion.txt HTTP/
0x00000020 (00032)   312e310d 0a557365 722d4167 656e743a   1.1..User-Agent:
0x00000030 (00048)   204d6f7a 696c6c61 2f342e30 2028636f    Mozilla/4.0 (co
0x00000040 (00064)   6d706174 69626c65 3b204d53 49452036   mpatible; MSIE 6
0x00000050 (00080)   2e303b20 57696e64 6f777320 4e542035   .0; Windows NT 5
0x00000060 (00096)   2e313b20 53563129 0d0a4163 63657074   .1; SV1)..Accept
0x00000070 (00112)   2d4c616e 67756167 653a207a 682d636e   -Language: zh-cn
0x00000080 (00128)   0d0a436f 6e6e6563 74696f6e 3a204b65   ..Connection: Ke
0x00000090 (00144)   65702d41 6c697665 0d0a4163 63657074   ep-Alive..Accept
0x000000a0 (00160)   3a20696d 6167652f 6769662c 20696d61   : image/gif, ima
0x000000b0 (00176)   67652f78 2d786269 746d6170 2c20696d   ge/x-xbitmap, im
0x000000c0 (00192)   6167652f 6a706567 2c20696d 6167652f   age/jpeg, image/
0x000000d0 (00208)   706a7065 672c2061 70706c69 63617469   pjpeg, applicati
0x000000e0 (00224)   6f6e2f78 2d73686f 636b7761 76652d66   on/x-shockwave-f
0x000000f0 (00240)   6c617368 2c206170 706c6963 6174696f   lash, applicatio
0x00000100 (00256)   6e2f782d 73696c76 65726c69 6768742c   n/x-silverlight,
0x00000110 (00272)   202a2f2a 0d0a486f 73743a20 7777772e    */*..Host: www.
0x00000120 (00288)   68796c62 732e636f 6d0d0a0d 0a         hylbs.com....

0x00000000 (00000)   47455420 2f757064 6174652f 6e657776   GET /update/newv
0x00000010 (00016)   65727369 6f6e2e74 78742048 5454502f   ersion.txt HTTP/
0x00000020 (00032)   312e310d 0a557365 722d4167 656e743a   1.1..User-Agent:
0x00000030 (00048)   204d6f7a 696c6c61 2f342e30 2028636f    Mozilla/4.0 (co
0x00000040 (00064)   6d706174 69626c65 3b204d53 49452036   mpatible; MSIE 6
0x00000050 (00080)   2e303b20 57696e64 6f777320 4e542035   .0; Windows NT 5
0x00000060 (00096)   2e313b20 53563129 0d0a4163 63657074   .1; SV1)..Accept
0x00000070 (00112)   2d4c616e 67756167 653a207a 682d636e   -Language: zh-cn
0x00000080 (00128)   0d0a436f 6e6e6563 74696f6e 3a204b65   ..Connection: Ke
0x00000090 (00144)   65702d41 6c697665 0d0a4163 63657074   ep-Alive..Accept
0x000000a0 (00160)   3a20696d 6167652f 6769662c 20696d61   : image/gif, ima
0x000000b0 (00176)   67652f78 2d786269 746d6170 2c20696d   ge/x-xbitmap, im
0x000000c0 (00192)   6167652f 6a706567 2c20696d 6167652f   age/jpeg, image/
0x000000d0 (00208)   706a7065 672c2061 70706c69 63617469   pjpeg, applicati
0x000000e0 (00224)   6f6e2f78 2d73686f 636b7761 76652d66   on/x-shockwave-f
0x000000f0 (00240)   6c617368 2c206170 706c6963 6174696f   lash, applicatio
0x00000100 (00256)   6e2f782d 73696c76 65726c69 6768742c   n/x-silverlight,
0x00000110 (00272)   202a2f2a 0d0a486f 73743a20 75736572    */*..Host: user
0x00000120 (00288)   2e68796c 62732e63 6f6d0d0a 0d0a0a20   .hylbs.com..... 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f6c6273 2f6c6f67 6f66662e   GET /lbs/logoff.
0x00000010 (00016)   74787420 48545450 2f312e31 0d0a5573   txt HTTP/1.1..Us
0x00000020 (00032)   65722d41 67656e74 3a204d6f 7a696c6c   er-Agent: Mozill
0x00000030 (00048)   612f342e 30202863 6f6d7061 7469626c   a/4.0 (compatibl
0x00000040 (00064)   653b204d 53494520 362e303b 2057696e   e; MSIE 6.0; Win
0x00000050 (00080)   646f7773 204e5420 352e313b 20535631   dows NT 5.1; SV1
0x00000060 (00096)   290d0a41 63636570 742d4c61 6e677561   )..Accept-Langua
0x00000070 (00112)   67653a20 7a682d63 6e0d0a43 6f6e6e65   ge: zh-cn..Conne
0x00000080 (00128)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x00000090 (00144)   650d0a41 63636570 743a2069 6d616765   e..Accept: image
0x000000a0 (00160)   2f676966 2c20696d 6167652f 782d7862   /gif, image/x-xb
0x000000b0 (00176)   69746d61 702c2069 6d616765 2f6a7065   itmap, image/jpe
0x000000c0 (00192)   672c2069 6d616765 2f706a70 65672c20   g, image/pjpeg, 
0x000000d0 (00208)   6170706c 69636174 696f6e2f 782d7368   application/x-sh
0x000000e0 (00224)   6f636b77 6176652d 666c6173 682c2061   ockwave-flash, a
0x000000f0 (00240)   70706c69 63617469 6f6e2f78 2d73696c   pplication/x-sil
0x00000100 (00256)   7665726c 69676874 2c202a2f 2a0d0a48   verlight, */*..H
0x00000110 (00272)   6f73743a 20777777 2e68796c 62732e63   ost: www.hylbs.c
0x00000120 (00288)   6f6d0d0a 0d0a616e 642e3c2f 703e0a20   om....and.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f6c6273 2f6c6f67 6f66662e   GET /lbs/logoff.
0x00000010 (00016)   74787420 48545450 2f312e31 0d0a5573   txt HTTP/1.1..Us
0x00000020 (00032)   65722d41 67656e74 3a204d6f 7a696c6c   er-Agent: Mozill
0x00000030 (00048)   612f342e 30202863 6f6d7061 7469626c   a/4.0 (compatibl
0x00000040 (00064)   653b204d 53494520 362e303b 2057696e   e; MSIE 6.0; Win
0x00000050 (00080)   646f7773 204e5420 352e313b 20535631   dows NT 5.1; SV1
0x00000060 (00096)   290d0a41 63636570 742d4c61 6e677561   )..Accept-Langua
0x00000070 (00112)   67653a20 7a682d63 6e0d0a43 6f6e6e65   ge: zh-cn..Conne
0x00000080 (00128)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x00000090 (00144)   650d0a41 63636570 743a2069 6d616765   e..Accept: image
0x000000a0 (00160)   2f676966 2c20696d 6167652f 782d7862   /gif, image/x-xb
0x000000b0 (00176)   69746d61 702c2069 6d616765 2f6a7065   itmap, image/jpe
0x000000c0 (00192)   672c2069 6d616765 2f706a70 65672c20   g, image/pjpeg, 
0x000000d0 (00208)   6170706c 69636174 696f6e2f 782d7368   application/x-sh
0x000000e0 (00224)   6f636b77 6176652d 666c6173 682c2061   ockwave-flash, a
0x000000f0 (00240)   70706c69 63617469 6f6e2f78 2d73696c   pplication/x-sil
0x00000100 (00256)   7665726c 69676874 2c202a2f 2a0d0a48   verlight, */*..H
0x00000110 (00272)   6f73743a 20757365 722e6879 6c62732e   ost: user.hylbs.
0x00000120 (00288)   636f6d0d 0a0d0a6e 642e3c2f 703e0a20   com....nd.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f6c6273 2f6c6f67 6f6e2e74   GET /lbs/logon.t
0x00000010 (00016)   78742048 5454502f 312e310d 0a557365   xt HTTP/1.1..Use
0x00000020 (00032)   722d4167 656e743a 204d6f7a 696c6c61   r-Agent: Mozilla
0x00000030 (00048)   2f342e30 2028636f 6d706174 69626c65   /4.0 (compatible
0x00000040 (00064)   3b204d53 49452036 2e303b20 57696e64   ; MSIE 6.0; Wind
0x00000050 (00080)   6f777320 4e542035 2e313b20 53563129   ows NT 5.1; SV1)
0x00000060 (00096)   0d0a4163 63657074 2d4c616e 67756167   ..Accept-Languag
0x00000070 (00112)   653a207a 682d636e 0d0a436f 6e6e6563   e: zh-cn..Connec
0x00000080 (00128)   74696f6e 3a204b65 65702d41 6c697665   tion: Keep-Alive
0x00000090 (00144)   0d0a4163 63657074 3a20696d 6167652f   ..Accept: image/
0x000000a0 (00160)   6769662c 20696d61 67652f78 2d786269   gif, image/x-xbi
0x000000b0 (00176)   746d6170 2c20696d 6167652f 6a706567   tmap, image/jpeg
0x000000c0 (00192)   2c20696d 6167652f 706a7065 672c2061   , image/pjpeg, a
0x000000d0 (00208)   70706c69 63617469 6f6e2f78 2d73686f   pplication/x-sho
0x000000e0 (00224)   636b7761 76652d66 6c617368 2c206170   ckwave-flash, ap
0x000000f0 (00240)   706c6963 6174696f 6e2f782d 73696c76   plication/x-silv
0x00000100 (00256)   65726c69 6768742c 202a2f2a 0d0a486f   erlight, */*..Ho
0x00000110 (00272)   73743a20 7777772e 68796c62 732e636f   st: www.hylbs.co
0x00000120 (00288)   6d0d0a0d 0a74616e 642e3c2f 703e0a20   m....tand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f6c6273 2f6c6f67 6f6e2e74   GET /lbs/logon.t
0x00000010 (00016)   78742048 5454502f 312e310d 0a557365   xt HTTP/1.1..Use
0x00000020 (00032)   722d4167 656e743a 204d6f7a 696c6c61   r-Agent: Mozilla
0x00000030 (00048)   2f342e30 2028636f 6d706174 69626c65   /4.0 (compatible
0x00000040 (00064)   3b204d53 49452036 2e303b20 57696e64   ; MSIE 6.0; Wind
0x00000050 (00080)   6f777320 4e542035 2e313b20 53563129   ows NT 5.1; SV1)
0x00000060 (00096)   0d0a4163 63657074 2d4c616e 67756167   ..Accept-Languag
0x00000070 (00112)   653a207a 682d636e 0d0a436f 6e6e6563   e: zh-cn..Connec
0x00000080 (00128)   74696f6e 3a204b65 65702d41 6c697665   tion: Keep-Alive
0x00000090 (00144)   0d0a4163 63657074 3a20696d 6167652f   ..Accept: image/
0x000000a0 (00160)   6769662c 20696d61 67652f78 2d786269   gif, image/x-xbi
0x000000b0 (00176)   746d6170 2c20696d 6167652f 6a706567   tmap, image/jpeg
0x000000c0 (00192)   2c20696d 6167652f 706a7065 672c2061   , image/pjpeg, a
0x000000d0 (00208)   70706c69 63617469 6f6e2f78 2d73686f   pplication/x-sho
0x000000e0 (00224)   636b7761 76652d66 6c617368 2c206170   ckwave-flash, ap
0x000000f0 (00240)   706c6963 6174696f 6e2f782d 73696c76   plication/x-silv
0x00000100 (00256)   65726c69 6768742c 202a2f2a 0d0a486f   erlight, */*..Ho
0x00000110 (00272)   73743a20 75736572 2e68796c 62732e63   st: user.hylbs.c
0x00000120 (00288)   6f6d0d0a 0d0a616e 642e3c2f 703e0a20   om....and.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.


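Strings (extracted from the UPX-packed file, so most entries are compressed-data noise; the readable entries are mainly version-resource fields and imported DLL and API names)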
..n.
..

080404B0
 8.0 
8.0.0.0
Comments
CompanyName
DEFAULT_ICON
FileDescription
FileVersion
(http://www.eyuyan.com)
IEXT2_IDC_HORZLINEMOVECURSOR
IEXT2_IDC_VERTLINEMOVECURSOR
IEXT2_IDR_WAVE1
IEXT_IDB_STATEIMAGES
LegalCopyright
ProductName
ProductVersion
StringFileInfo
TEXTINCLUDE
Translation
VarFileInfo
VS_VERSION_INFO
WAVE
`#%\.(
<,,,,/
<$$$$$
=!#(+'
 !^(=~
,,,,,,:
;>>>>>>>>
(($$$$<
[-].>\$'
]]"```^]]\
0_0B_?
0_0f^)_
>00h^V
$'06G.
08	IwM8D,>
09 akC[
,/>$0A~
0aBrBn
0^'&cH
0F_p.*
/-0&g7
0hNpLsr
|0hpT!/
0N`_Oj
0P6F"D[
 0@P`p
0PP:&>_
0Q-f*.
.0QFjG*
.<0.t 7
0u; 1u@
0*Vko3
\0V>N5
0WS?Wa
0Wx  }
0ZV\#6
 14.4322-pR|
{1C2?Or
1*c///cN*-*
,1pn6EK+Q
1qD26	~
1#QNAN
1~&Rh	
2340818511d396f6aaf844c7
2a)rc')h
"2BRbr
2C>kn0
2_c/Q*_0'a)
\2CR"Y
2EW k6_3
2HeC.]|&
:2%IS{ZL
2K4OgR
2t7xV&
2wAKdJ|
2XC>N 
2\xgWFgFc
2Zq^"C
34,b1H
/'3~9!
?3B>r*y/
3ET &+
3fiG@"s
3/FQ!n
3\I8u\J9
3L%>Wf
3rrrrv6
 3v6o 
3[wH`k)
4*/*1l
430@VP
45678y
> =4CCD
/4Cn$#
4Cn8gI4
$4DTdt
[@4&DV[
4^F5OG
4hpP%6So
4$,kAO
4 _-MS
4?p7:Liu
4.^T6K]
,4W_1*
|?5^<@
5.1FtiJ
5555555565(
555556(^*5(
&56j~Z
.5<=6/U
5|7^6^`V
5=B& f
&=5D3A
&=5D3AAAAAAFk
.5D.8]
?5G6J`NY
5}:ghV
@5(#-J
5~_NK5
&`5pom
	`5}v.
~~.[6_
/62^?X
632	bL}
)63y[j
660Z.;y
66FnPs
6;6#SM
6^!7a8
6@[8w4$
6ah;vP
^6D:!+
)6_Dkm
6enb.e
&6FVfv
6\g}--
6Jv8z,M
{6K8OZ
6no|&a
6}q~wc)8g
6se|`5/_
6S-Gp!jW
*^)6$u
6^v-'k
6&vk@g
6wE0TWo>fv
&>]6wgeA
6Zy+?j
%`(`&7
707can
*-71o-
\|+?7#3
73>\9Y
7(^*5_	j
7 6[BFC
7`6zW$
777;1$
777777Ga.P1WZZ
|7= ?acQ`aa
7&cNxq
7CW?7A
 7DBBADl
_7~>E1
7hdl8y
	7H+NN
-\>"7k
[7|[)l
*.)7l=
7<N#:.
&7p @l
7@pMNgF
7p_PZ+
7r@	&n~>
'7R?/y
^7S-na
).7%UrlB
7>W[&{#	
7^w4!X
7WFrKO
7xwn6geW
<7>?.y
7YD'y <
7Znio\
/80&&|>
80WVhNn
840,($<
>>8"68"[N
'8) 6a
,[88xsV
8-_bVx
8E769Z3
8gqf	_
(8HXhx
?&[8K~&
8LhL0s#y
8'n&^C
%:8nog
#8Pc./
#8Pc.N
8#V+)1
8_w%-4
::::::90VS
(936kend
93E- F>X
> 95lEB
> 95=OEBBBBBBB6
=\#9A_
9E0W/Pjpi
)9fhX8$
9Mc/-`L++KM
9Mc///T.+KM
9QpO9v	(
9"r0r>rLr
:$.9SI
,9STGDD44
9(u3u;uC
[9{>Y,$
9y&[[0@@
9ySHA`\
9y\Z7u
+**#a%
A|2~ U
{a6W|j
a7NJ3R
%a%8xwo
aaJD>~
ABCDEF
Abjrkff
acAL*_
ACloVH
acnmHt
acQ`aa*
ADn1!~
ADVAPI32.dll
<aeeiijH
,A#$f4
a-f/p>O^1#k
AfxOld
.AG.BN
Ahff2WV`
an&v*.*A
]	`ao._
aoN<`N"
Apry&un
ar%'MDIFrame#
arrrr!
A=u#1af
auiuquo
a-V2N''Z
'AV8[O
aVble; MS
AVEf~/C
AVIFIL32.dll
AVIStreamInfoA
	A vW$
aw6zKN$t$
AX%fI}g_
AyoFm?
aZw^n^
b''''"
B33ECF
B58b0\F1
B,%77M
b7-8gNF0
B983789F62\2cBDFD7D671
bbbbbb
Bd?F}v
Be.4r+
]*bemtri
/-\b?F
Bfo&1M
Bh`OK*
b~isCs
bitD>VQ
B!_JEP
Bl:,AViWh
bLo4oJzovCIMV2
Bm~2- 
Bm@G6N
!B_`$N0	_I
<boxPU
B^ #P8
bPJve+
-B[r7JEG
Button
Bu&U4c
bv<.NX
B.VUTB.
~BwYc?s
Bx?3gNx
B?XvFT/
b)YU?f
BZ@fYo
`c///++
"^c'*_
(_C:''
['''#C
^c?2@*
C2`h#.>U
~<c+4$.X6w
c68uXy8vd
;!c6&c
.c7s,_M6
c8|('J
C#aM4Z
cb7.Pc
~CBBds
&>>CC~
CC',C!m:y
`c//cNf
c//cNfV
ccVqNF
/cf+2GS
@CF`CFPCF
cFkn_+(l
(C	fn.
^^#CGj!
cH	6&.{p
ChooseColorA
|:CHU_2_c/Q*_0'
|:CHUZZ
__]cJ_\
!CJ^a[R8
\CK^&\-=
CK*Q}i
ClosePrinter
@>Cne"
)>C,O9
COMCTL32.dll
comdlg32.dll
COMLvDLL
,cOq#!
Cou.Bh+8N1k	Z
 cpc@@
_^CP)n?
cPoZ/6
CPvo61
CQ}a~h
'-CSO,C?
c/SQ+K
]CTIL/
\CurrLVA\
:-{c;Vc
^cvIf<
Cxf'of
CXXa/WB.
Cz'''':
?"CZAV
cZhl+y
c>?-ZO
#.+.,.d
!|D>	;
\d0596Z87AF8"A3
d+|1^pJ
=D@@2nX
 :D3@@`
<?d@`A
 =DA6l
^+daWup
d>b[ 0
db4 d6e6?
DC6KM.
dCj*>oeK
DCv.n_V
;ddgoq
DePIe#'d
d[f2~~
D-&G6T
#_dH&J"
?Dj))$h11
D'jQI"
DK`;mm
_<D#;l
DLEDF<<
DLL) || 9TARG_CHS)q
dMkS-f
Dn/fO"
DNlkEN|
dO"	a/
dOMXf7
Do>Si*
\&D?P&
DrawDibDraw
DRIFF@l
Ds9(j-6
DS?]&j"
d~"	Up,@
dv.wvff
|{\]=E_
e145e4be
e76~s}
e9Dmx^Lt
e "afx0&"
e+C@K,K&
EditBox
>#EdM7!K`r
eeeeee_V!S(
ef7<DIa&
e_FZu':inv
e]g4WZ
e:GiUjJ
E>G.v~
eHX!.$
E}Kkv.
Ek~n7~
EnumDisplay/Y
'eous.1
!/e))"'p
/e))"'p
E&pNhp5
EP|vCl
(.>^eQ
EQo<hN
:#(ERc
ERMAIN 
'es^D*
e@Sf+(
ES_ G?
'eu~-OV
:ev47e
ewN2Z/
ExitProcess
^E>!ZE26
ez<Ps'
,EzrXc
>f^((((
-<-&>f
'f^)"'$
<+F#2YN
F~3m_& [
F4G}^)!
F7FC1AE
F7%/+ ~vSnR	
f8521B
F&9fZ	e
/FA#>A#
,F^=aIus
'f^B?!
'fbFQ#.5
fBI\~!
fb'O7~
fC?!}6
fc7{%z
 F&#/d,
F&'d6<j
F~D`.r<
f(&	e'
fEn6zZ
ffG	:c'
fF/N'8 
FG/L,a
fgT.EGd
 ;F'-H,
f?h<DN
f_hw-o
Fi$jX3j
.FjejO:
{"FJ'S@@.
Fk!jFa
fLGOLE=TRA`
~FlnR[
 	_fM^+
&fmod7hy0
:FModY
fMW~vZ
F`!^.N
.f.NUst*.
^Fn,VjO
,>F?o$.
f\	o>4
f#O8K!]N
fOfI1Eh
@f:OrO-
;F\^&%Ow
Fp[jJe
FPQXYy
fPs466~oI
fq.N6o
^@fRMl2
FRxawZ
FsCCI%=,
f~=-tCN5Vf
>F^	tR
$//@]fU
f:u?2F
,~^_fv(
*fV\6~
[ fVBX
fV#),DF
fVNTbb
f!VT?b]m
fWk#D2
fwQd|Xo
<[Fx[/
fY $/	
fz3|4~
=F[Znm
:$~'@g
G^2%s0
g6p~f]
_ G8Gm
<G8H4I
G^@>(9[d
Ga.P1W4
(gBN! (``
GDI32.dll
(gd`KX
GetAdaptersInfo
GetProcAddress
>g%F3Y
G:$F?N.<
GG6()`c/+8(
}GGlMv
ggN,i|D
G^H'y6
@GJhG^
G$L7^c
Gl.chs\S
_GLOBAL_
g~oOer
G(*Q////+8(
gq:[?X
%GR#Nhn
grNzI[
g'rrrr
Gu+Ho^
GUP s9[
^gVjM@
gwh Oc'+9
&G)[*X
|gxg-v
g&.zHf
?h`0R,
h0-V#1M\
,H47W;
h6.E2s
_H7KN'
haB~W4
HBTfVl\
H^ c'XC
 heapoO
HelUMS S
hF7OSU
hff2WV`
h'ffa+++
hff''f^L)"^
Hf_~o^
!>.Hh'
H_hOP[x
_Hiv~6
^HjG6S
hkfsY0
#h")L<
h''"^L)"''*
]h.lfR
 Hl"lpor
#h")L)"'p
|H>MC:
H:mm:sVd
HN\fpR4j
h`N*"''"*LL
h(NNNN
-H-	o6
hPB>dP
HpN.@C
hpv4~(
HrCg@b	g
[Hr,gJw`
|H>tg?C
h_TL>-Q
htoDf$
)HTY}YIV*
_H~u?O
hvvN6s
Hw-f"T
Hwlv!d
H:x##6
.hylbs.com/#
>hZGj(jJ
|->~.i
|I+,7N
iC.__?
icAKgQ
IconDreate+S
i`db7Y
i>&=Dd
ie^/$d
I|>eg?
IF89a7
i&,}_g
IGHTDOW
i(I7O^-
IIHf^n
@iKA>v,
i':l6v
ilJ&.Nkf?y
IMERNS
InternetOpenA
iphlpapi.dll
i~q%D`
`IRw.j
i* R	Z
IsDBCSLeadc
j''''*
J<0Fv^
j27bb20fd
j$6pi5
:&	]j7f
J|7Pf3
JA.	h.2
J#a*hVna
`_(.jb
^jb2[*M
`'J;Bb
_j!B)>NEY
	]jBV66
jCRQM3$
je/uF]p
j'$$$fffa++xP111
j))$h11'*)]
_Jif !Sd(;_
^'jJM&
J.lvd&U'
 J`N/A
JN*C/Po
joaFVO
]j%OXh
JphV5R
 jQ_.W
-jr9#nNLxg
,jrB#M
jR?!gO|a
JR%/$mb
)jrwNX@
!j&|rz)
j"T*.#
jvC6w 
>jXf,2vK=
jxW)6.
|jZNB2
[,:~K]
k2L&|+
^K#3G40Z
$k3V2!
(_>$K52,
k6U.S;sJ
k7V;,0,27h'J
KBusy5
	KCA~n
kCExtDI
KEO6.'
KERNEL32.DLL
KFromQ
KG24D^y
K`g^-9
kgf>KO
kGv_Rx
.`K^`h
K/Hh$~O
+;K[k{
]@k/nG
KNsoI*
#[_#K?O
K#Q-%G
kV#;;;8#V+)1
Kv\+AC
_KVckL
kwR~K&
k!X,=====<0V!+
kX1NV@
KxN&p)
K_?^	y
_~}kY"f?
l'''',
l&[?/[
!)<L~_
__$>L`3
l	68Wv
l6]NdJ
L6t{c'v
?l$^7{
LANGUAGE 4, 
-LanguaP
Layh +A
LBSc-exe
_L}D6FCc
LDJ|;Lr
&LdNl3
l& eNc
lF_0ZN
^/LFW+|
&LHeI6
:LHlnN&
+LH?N**QP
lH_SCROLL_
>l%jGA
LjPY#7
ljQV~f
l	/LGu>f
LL`XX'
L#!<m\
/lnn :CB6
LoadLibraryA
lOgf4M
?lom)(C
L,<Ph~
>lpnf_
lq-p?@O
LqS.VvirdBf
@Lr&eo
l@s"EqR
lstrcmpA
lUCCCCCCCCC(
\Lw6A x	
m2,$~~
M]&2O'
m3My	1
MA_hISiCCP
Manebru
?MapDT
<Mcc/Q*L*PM
-Mc/////++M
<McN)`..`KM
@_MemVySy
>Menu?O
m]{fh^
M||[?G
?M\J~O
(mlrl_D
{MlUb@
-=M]m}
&\m.~N
}m\nCZ
M/ni#>
m	"[npD4
<M_^:O
Mozilla/4.0 (
<MQ`))`.+PM
mS`0P~
.MSVCRTg
MSVFW32.dll
Mu/fv(
m| unf 0.15
&MvPZ<FV
;MW7 <)
:*mZi3?zF
`),_n)
$_\[n#
 '(N`/
N>[+/?
n1&vKi
N*_2p'Cg
|n31(3C.
{N46TjQ
n6S-G*
 ]N7b310V
N94P:/
Nc(~.(
{n	C&' G
Nc/SQ+K
~NCzm\
>ND80AA4
N.DC6,
nd]hlZ
N"du4^
N	D#yO
.NE CLR
.ne!mz
NeOV9c5wo
neW9!V#s+
NGuA/kcG
N&GVi|a
<nhA6~
NH^FTC
N.hW1q
Nh.xn:
[nI&6pU
Ni8ckNo
nio;ass#
N~I]!t
.Nk^ 	
N[KK-^
N}kn0F
NKO?{~
+N*#L~
NLIN8DELE
N&l~NC9
NMJ&]Ze
~N^\N<
NN06S	
&:Nn.k
^Nn~kk
NNN&KC;
[n[n[nWWWW
NN@oBC
*n!N.t
Nn'vo[?H@
nO2>7J
=No["8v
Np!<>^
/\`Np0
nP>!'C
NpeG|%
\NPFhC8
npmc8Z&#l
"np#%u
NQ**-`;
N-Q`)NP
N**Q/+P
^nQQ`5
@=)`Nr
<:NS7vn
`nV$N-
NW a%(>F
Nw#+Ga
n%W@WH
nW,Yv~_[`
<"n#y$
nY)^g{
NZNZJw
$o/>$%
_-~O[;
o~^34P
O4wIh8
o7BzsE6l
O8_zzKAw
o"	A|`
~O.A`!
>OA&0Q_
oA"]/6t
OA8L?6
o,_AFX_NO_SPLITTER_RESOURC
Oa)Md@n?(
OAVERSION
.+ObK2
Ocijr?
oEo!]/
o^es Vo
oF0n:\
o,fd!,!-
oFFspCALspH
oggo_X
ogoff.txt
@ohPB^0
`oJXf~
ole32.dll
OLEAUT32.dll
oledlg.dll
OleRun
o%Lx$&.	O4
o[!M&?
om7O5w
O^mDHJW
omPoiub
OM/xA	.
 ~?OnnAw
ONNN#r2
,OO-e^
o~Og0\
ooo$${
ooogV1)
oP484u
OpenEv
 OpeWS
oR/["@
OResour
OrViewo
^`;*OS
O'Tc%C
otcsdS
!#oT$F%
O!uHRF_
~?-O.v
`OvpnW
oVW.RU
o/\W=G
OwoKu*
(&>Ox+
OxpLaDp
	O~^yI
p/3	)%
p5NjF3
p}*67@
P(7_t	#
>>p9)n~
PatBlt
(pB/^vN
pC0jWI
pd-z&g
pEf5OT
pf''#Gxf
pfopwg
, P'F\Sysc
&p`h[e&
P#includ
|PjR7v
PKvkG;
PlaySoundA
pld\TU
<p=l>h<
Pna_!p(
~pnKh7f
<pnVnQ
pooo$$$$ff
p&PEV0
_"pppppp
\PPUU{
#pragma coH_
ProcessWorkrg S
PROPBTYG
 PT6\D(ktob
P TarBtU`'4>xsa '432_
P` Tf'
_	pTy ;o
&pu*?Ax
_puke4A
PVllllllllllllZ
/pVtp$
 PVTqo%TX
p>vVCZ>
PVZZZZZZXW2222
@p/__W;
P`wA?0
pwFr0"
PxNonwy)
- ^@q'
~(Q0}F]F
?Q1g$6
q1rrrr
&q4qBqPq
Q\ 4W%
 .q5"K
Q^\7JE
q_(@`CCo
q.@[F^_
+}>qf6\	
qjz~fo
Qkkbal
"Qkv7N
^qlqzq9r
QM**Q///+PM
Q%MU	x,
:?-Q`)N
\[q_OHr
#QOOK:
qp"Kx	v
qr!''1
Qr GLh
[\qS[))\
<q[U<Y
qvDFT-
qV?h c@
QzV%&b
$>{R^}
#r''''2
#R6028
&r8{\uN
RASAPI32.dll
RasHangUpA
RAtfHE
+{r`[C
>rC&Wx
$R<DJvV
r#E28W>
?[RECCCCCI
RegCloseKey
?[RE_I
r"hfP?AXS
>Ril\6
Rl[I<1
r[L:u+
[R mz7Gf
rnJ;6~;
Rr'ejK
)RRi~sR
)~>rrrr
<`@rrrrdDhHrrrrlLp0rrrrTt4X
rrrrf&
`[R@T7
r> T8=
R!TEBBBQ
Rw[@bG
$r%WrxdP|r%W<(
r"XH8	
 S2AMe
s2%z:a/3
S6.pun
$]s;7<
s8DJaO
s&9QC$
Sav~$&
sC<3wk%C1v
SdMj~g
s&`Fo"
SF+VZi
sF=Xp8
\*SGB>)I.
SHELL32.dll
ShellExecuteA
SHGi4jJ
SHLWAPI
^shockwa
]<%/S[I
si!9, %e(
SMN}?@m
sN@6NF]
sN7K"]
SO?emE
'SOFTWARE\MRros
[SOIm4
!s&ONfP
-s>qHXPGf.@
srx8V>EuM|3
s#S#'"
SSF[F7
sSZM/W
sTfCZ&YzWP
[`s?@V
S'vCy	G
?S$vn^
S.w[~)[
>{S$*W
S;x8NN
sZ\8E*
SZNZ:@
"	+t^.
;T												
t0J+y6
!T^0~WH
^T1wi\
't-*34
T6*QT8>
t[7y.C
T8555V.!ZZ
t.`_+9
\ta:7pro
tA|{r)
tdP>2i
TEvt>v/
|#t#H"
!This program cannot be run in DOS mode.
Th$s'Wed
tialize
TimerE
T>\N]F
T'NF^N(
t?@NXNX
TNX\W8
TOFsbPo
tOX(j!
t#TI:V}Hv
ttT=OO5<WuYe!=CCCCCC6a!Z
ttT=OO5<WuYe!=Cj
TTTTTT+V!S
?TT,X>N<[v(^
.)/t<u
*t@?%v(Q
_tvvixU6
twsCH6
<TXCj;
>t~xhv
_T.$/y5
tYtHO?
t~yUt`
tZQ%GF
T^*+Z#r
?u='@^
U0/w)2'
u1nhfff!VT)
[U5D3@@@@I
U6M^_M
uf*6,'i.f
U)/fM$jO
ukZ[Gaos
u.m+++PVVTb
uMw\c'
UNG>O^
uN>K#|
unrg0<
U&:."o
#!.u^P
'*)]=uqu
Ur!C8<
Url HttpQu&y2fo
USER32.dll
_utf,^
UUUUgg
$?v>$} 
v'^_',
*V2uesRe`
($^@V.3Fp
V3TNkUL3
<'''%v6
V6omW9G
v6&T*nxG"
:@V76#
V(79Uf
%.&[V8
V8y[N8
.v9VJh?
v$#|A.F
v@BFWX
Vbh@&^
v{CAj	
VCJpd>
|&[:v$F
V>.{f&}
v&F&^c@
Vfw9t"
Vg1111
VgC)1c
"Vgx@HI
@V`{h{
v"|iLL
VirtualAlloc
VirtualFree
VirtualProtect
 VisUC++ R9Li
&\v@iy
\vJb\0
\|VJM 
'_vjw6
vk@V52F2600
 vkzfB
$&VmC#
]VMdMl
vMNo/Q
?'$:vn
vN"iwe&
V@nl .@$
Vn.o/{
vnoH}E
vn,p)L
V^nSG)
Vp#H/v_
_vpNla?
^Vq +Q
	vrrr^
vvia-V2N\
v'v/vm+
v&VXuwwq
`?vwBN
^Vx LP
VXS6wX36
&(VYh5
vYYYYYml
`V.!ZZ
W2`sc'0
)W3Nik
w3|..pM
w ]/4N
{W6yH!
w7rr!'
)#W^[#A
W}BI(nn
wE] /B
#WebBrowsG
We//*L)"pppp
/wF9~-
(=.+wg
$`#wG(.	
`Wg&200
W_G6()`cY
W+g8zW
WgJXi<B
w{g;Of
~&w*Hq
WHw	jG
W^INC6
WININET.dll
WINMM.dll
WINSPOOL.DRV
Wl[3A)#B
&WLWC}
WM>L~cg
wn5#N>/
`wnG}F4
wN^NO.O<W
WnQ	y#
.wO(h@K
W,OO-e)
~w#"Ou
woxcsm
 W p[.
WpM^zgi4
WP--QN
w&>q/G
WQ#n?xP
W,r#[C
W\*S0;G.;&.
WS2_32.dll
>W%sN%
_WT<B^
}wTPR'^n>
w't.S$N}&
w<Vi?)
%W `@%W
Ww7?`66
wwwffg
wwwwpx
wwxwwww
/x1_1.!
X4NF^N4
X5p'wx@N
x@8ENf
x9c5B1
~XAOCQ
?xAPCNwY
XC6K'F
;X?ewd
X\fFpQj
X(=f`gV\
X fHm __InNne
$x_fnHp
xfYYYY   
,XG&36B
XHca)6
XKJoQP
#.x$]LI
,x,ly.y
XPH@80y
XPTPSW
.-XrI(
xsTpGdi
x&?T$_
XT5555566
XT5G6J`N8
XT6*QT/+8
;X&TLD
xwwwxp
xwwxxp
x-xbitp!k
xxwwxp
XY1fd_
XY1fd_b
XY	\VVg
xzwCbo6
+Y067o
y0ChoW
Y4&h3x
y9:;<=<
Y9@H#1
y9tbG/
=Y`,>a
+y^a^ag
yDaN'p<
ydRB. iG
% /Y@.dVX
yER.8yl
YeV1e"
YeV1e".
{Y&<F6
y~F7#a
y<FA!)
(YfC;Q
YfP0Pi
y@[~h[
YhOf_p
yK&.o#
Yk VUnl
yl\J&8$
y|lZN8
yMBZ&9
yNnO"8
Y_N~##o
YN{_X3
ypDu;%
\yPLTEbKGcHRMgA
y:QF)y
Y/sBIT
Y!VD&FP
~YV.sM[.
YVVVVY
'yv[XO
^{y Wu
yxX?EV
YY]]a<
<yyuu|
y|&yy4
YYYYYY
YYYYYYY
;Yzpio|g
Y%ZV{@
'''''z:
	*Z2^~
)z6N^{T
`%zA_[
z	'\'B
'ZDj,}c
Z#%GQ/
zHhFgs
zk'BS$
zO {B.
ZoFe;9
#Zrhrvr
z+SO3#V
z{sSHh
Z Stapard
zvC^oS
z vd	w
Z`v;g0^
<@%_Z:W
Zz>^2i
&\ZZAu
;ZZWWWWWW