Analysis Date: 2014-10-28 09:42:31
MD5: 3fb0eff5358fc9192986d46947faf259
SHA1: d9781a1c1b733bf1d8c078ed2eb0d419c33f1f17

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: fc7eb8d7a8aec85e6919ec0709c74ea7 sha1: 96780f76c797aaec4e5698a30bbf74d129e83b1c size: 116224
Section.rdata md5: 31472eb97ef3a61e1cd592ec4647b970 sha1: 0cf577c5c209cdd09eb1931baa0b897f6e7293ff size: 1024
Section.data md5: cdd928a2f1d1339ab3eed501d8308011 sha1: ae006bfca087778a40fe6b5409e4170c9177ae5b size: 71168
Section.reloc md5: 44e3d10f2448593ddbfbcebb8bdab1bd sha1: b4c6c1a9508fd15fbd0a5a8c29c9789cef83b112 size: 1024
Timestamp: 2005-11-30 08:51:19
PEhash: 10081440fe6b42dd105cada4e9e651577234c4c8
IMPhash: 5574015ba499c9571ac74eb0188aac37

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ 1
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load ➝ C:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\Administrator\Application Data\75DE.FFC
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Process: C:\Documents and Settings\Administrator\Application Data\dwm.exe
Creates Process: C:\malware.exe startC:\Documents and Settings\Administrator\Application Data\dwm.exe%C:\Documents and Settings\Administrator\Application Data
Creates Process: C:\malware.exe startC:\Documents and Settings\Administrator\Application Data\Microsoft\conhost.exe%C:\Documents and Settings\Administrator\Application Data\Microsoft
Creates Mutex: {4D92BB9F-9A66-458f-ACA4-66172A7016D4}
Creates Mutex: WininetConnectionMutex
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: {61B98B86-5F44-42b3-BCA1-33904B067B81}
Creates Mutex: {0ECE180F-6E9E-4FA6-A154-6876D9DB8906}
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: {5D92BB9F-9A66-458f-ACA4-66172A7016D4}
Creates Mutex: {B16C7E24-B3B8-4962-BF5E-4B33FD2DFE78}
Creates Mutex: {B37C48AF-B05C-4520-8B38-2FE181D5DC78}
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Creates Mutex: {6988405C-71C3-427c-975A-0398706E79EE}
Winsock DNS: freshmediaportal.com
Winsock DNS: resetmymemory.com
Winsock DNS: 127.0.0.1
Winsock DNS: japanesegreenteaonline.com

Process
↳ C:\malware.exe startC:\Documents and Settings\Administrator\Application Data\Microsoft\conhost.exe%C:\Documents and Settings\Administrator\Application Data\Microsoft

Creates Process: C:\Documents and Settings\Administrator\Application Data\Microsoft\conhost.exe

Process
↳ C:\malware.exe startC:\Documents and Settings\Administrator\Application Data\dwm.exe%C:\Documents and Settings\Administrator\Application Data

Creates Process: C:\Documents and Settings\Administrator\Application Data\dwm.exe

Process
↳ C:\Documents and Settings\Administrator\Application Data\dwm.exe

Network Details:

DNS: japanesegreenteaonline.com
Type: A
66.117.0.221
DNS: zonedg.com
Type: A
141.8.225.80
DNS: zonedg.com
Type: A
141.8.225.80
DNS: resetmymemory.com
Type: A
192.155.89.148
DNS: freshmediaportal.com
Type: A
HTTP GET: http://japanesegreenteaonline.com/assets/images/greentea-cha-1.gif?v12=99&tq=gHZutDyMv5rJeCG1J8K%2B1MWCJbP4lltXIA%3D%3D
User-Agent: mozilla/2.0
HTTP POST: http://zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfVsS%2FT5wug%2BtygfvO7H33Hhbj%2Fh7sbedf1sSvT8t65i9hlL9PmxqXH0bF%2FmiMWrdPd5SOeikL50gB9K5PLNq3eFGjzh%2F8DdAYdrT5WO0alxtygbpb6HvnSAOQij%2B8yjYvEaSvT%2BsqtSr%2Fe%2BV5ZuRg%3D%3D
User-Agent: mozilla/2.0
HTTP POST: http://zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfVsS%2FT5wug%2BtygfvO7H33Hhbj%2Fh7sbedf1sSvT8t65i9hlL9PmxqXH0bF%2FmiMWrdPd5SOeikL50gB9K5PLNq3eFGjzh%2F8DdAYdrT5WO0alxtygbpb6HvnSAOQij%2B8OoYvEaSPT%2BsqtSr%2Fe%2BV5ZuRg%3D%3D
User-Agent: mozilla/2.0
HTTP GET: http://resetmymemory.com/blog/images/3521.jpg?v33=71&tq=gKZEtzyMv5rJqxG1J42pzMffBvAo1%2BjbwvgS917W65rJqlLfgPiWW1cg
User-Agent: mozilla/2.0
Flows TCP: 192.168.1.1:1031 ➝ 66.117.0.221:80
Flows TCP: 192.168.1.1:1033 ➝ 141.8.225.80:80
Flows TCP: 192.168.1.1:1034 ➝ 141.8.225.80:80
Flows TCP: 192.168.1.1:1035 ➝ 192.155.89.148:80

Raw Pcap
0x00000000 (00000)   47455420 2f617373 6574732f 696d6167   GET /assets/imag
0x00000010 (00016)   65732f67 7265656e 7465612d 6368612d   es/greentea-cha-
0x00000020 (00032)   312e6769 663f7631 323d3939 2674713d   1.gif?v12=99&tq=
0x00000030 (00048)   67485a75 7444794d 7635724a 65434731   gHZutDyMv5rJeCG1
0x00000040 (00064)   4a384b25 3242314d 57434a62 50346c6c   J8K%2B1MWCJbP4ll
0x00000050 (00080)   74584941 25334425 33442048 5454502f   tXIA%3D%3D HTTP/
0x00000060 (00096)   312e300d 0a436f6e 6e656374 696f6e3a   1.0..Connection:
0x00000070 (00112)   20636c6f 73650d0a 486f7374 3a206a61    close..Host: ja
0x00000080 (00128)   70616e65 73656772 65656e74 65616f6e   panesegreenteaon
0x00000090 (00144)   6c696e65 2e636f6d 0d0a4163 63657074   line.com..Accept
0x000000a0 (00160)   3a202a2f 2a0d0a55 7365722d 4167656e   : */*..User-Agen
0x000000b0 (00176)   743a206d 6f7a696c 6c612f32 2e300d0a   t: mozilla/2.0..
0x000000c0 (00192)   0d0a                                  ..

0x00000000 (00000)   504f5354 202f696e 6465782e 68746d6c   POST /index.html
0x00000010 (00016)   3f74713d 674b5930 73486f4c 374c2532   ?tq=gKY0sHoL7L%2
0x00000020 (00032)   424e3679 4c68627a 36323773 48644d66   BN6yLhbz627sHdMf
0x00000030 (00048)   56735325 32465435 77756725 32427479   VsS%2FT5wug%2Bty
0x00000040 (00064)   6766764f 37483333 4868626a 25324668   gfvO7H33Hhbj%2Fh
0x00000050 (00080)   37736265 64663173 53765438 74363569   7sbedf1sSvT8t65i
0x00000060 (00096)   39686c4c 39506d78 71584830 62462532   9hlL9PmxqXH0bF%2
0x00000070 (00112)   466d694d 57726450 6435534f 65696b4c   FmiMWrdPd5SOeikL
0x00000080 (00128)   35306742 394b3550 4c4e7133 6546476a   50gB9K5PLNq3eFGj
0x00000090 (00144)   7a682532 46384464 41596472 5435574f   zh%2F8DdAYdrT5WO
0x000000a0 (00160)   30616c78 74796762 70623648 766e5341   0alxtygbpb6HvnSA
0x000000b0 (00176)   4f51696a 25324238 796a5976 45615376   OQij%2B8yjYvEaSv
0x000000c0 (00192)   54253242 73717453 72253246 65253242   T%2BsqtSr%2Fe%2B
0x000000d0 (00208)   56355a75 52672533 44253344 20485454   V5ZuRg%3D%3D HTT
0x000000e0 (00224)   502f312e 310d0a48 6f73743a 207a6f6e   P/1.1..Host: zon
0x000000f0 (00240)   6564672e 636f6d0d 0a557365 722d4167   edg.com..User-Ag
0x00000100 (00256)   656e743a 206d6f7a 696c6c61 2f322e30   ent: mozilla/2.0
0x00000110 (00272)   0d0a436f 6e74656e 742d4c65 6e677468   ..Content-Length
0x00000120 (00288)   3a20300d 0a436f6e 6e656374 696f6e3a   : 0..Connection:
0x00000130 (00304)   20636c6f 73650d0a 0d0a                 close....

0x00000000 (00000)   504f5354 202f696e 6465782e 68746d6c   POST /index.html
0x00000010 (00016)   3f74713d 674b5930 73486f4c 374c2532   ?tq=gKY0sHoL7L%2
0x00000020 (00032)   424e3679 4c68627a 36323773 48644d66   BN6yLhbz627sHdMf
0x00000030 (00048)   56735325 32465435 77756725 32427479   VsS%2FT5wug%2Bty
0x00000040 (00064)   6766764f 37483333 4868626a 25324668   gfvO7H33Hhbj%2Fh
0x00000050 (00080)   37736265 64663173 53765438 74363569   7sbedf1sSvT8t65i
0x00000060 (00096)   39686c4c 39506d78 71584830 62462532   9hlL9PmxqXH0bF%2
0x00000070 (00112)   466d694d 57726450 6435534f 65696b4c   FmiMWrdPd5SOeikL
0x00000080 (00128)   35306742 394b3550 4c4e7133 6546476a   50gB9K5PLNq3eFGj
0x00000090 (00144)   7a682532 46384464 41596472 5435574f   zh%2F8DdAYdrT5WO
0x000000a0 (00160)   30616c78 74796762 70623648 766e5341   0alxtygbpb6HvnSA
0x000000b0 (00176)   4f51696a 25324238 4f6f5976 45615350   OQij%2B8OoYvEaSP
0x000000c0 (00192)   54253242 73717453 72253246 65253242   T%2BsqtSr%2Fe%2B
0x000000d0 (00208)   56355a75 52672533 44253344 20485454   V5ZuRg%3D%3D HTT
0x000000e0 (00224)   502f312e 310d0a48 6f73743a 207a6f6e   P/1.1..Host: zon
0x000000f0 (00240)   6564672e 636f6d0d 0a557365 722d4167   edg.com..User-Ag
0x00000100 (00256)   656e743a 206d6f7a 696c6c61 2f322e30   ent: mozilla/2.0
0x00000110 (00272)   0d0a436f 6e74656e 742d4c65 6e677468   ..Content-Length
0x00000120 (00288)   3a20300d 0a436f6e 6e656374 696f6e3a   : 0..Connection:
0x00000130 (00304)   20636c6f 73650d0a 0d0a7563 68206669    close....uch fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f626c6f 672f696d 61676573   GET /blog/images
0x00000010 (00016)   2f333532 312e6a70 673f7633 333d3731   /3521.jpg?v33=71
0x00000020 (00032)   2674713d 674b5a45 747a794d 7635724a   &tq=gKZEtzyMv5rJ
0x00000030 (00048)   71784731 4a343270 7a4d6666 4276416f   qxG1J42pzMffBvAo
0x00000040 (00064)   31253242 6a627776 67533931 37573635   1%2BjbwvgS917W65
0x00000050 (00080)   724a716c 4c666750 69575731 63672048   rJqlLfgPiWW1cg H
0x00000060 (00096)   5454502f 312e300d 0a436f6e 6e656374   TTP/1.0..Connect
0x00000070 (00112)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000080 (00128)   3a207265 7365746d 796d656d 6f72792e   : resetmymemory.
0x00000090 (00144)   636f6d0d 0a416363 6570743a 202a2f2a   com..Accept: */*
0x000000a0 (00160)   0d0a5573 65722d41 67656e74 3a206d6f   ..User-Agent: mo
0x000000b0 (00176)   7a696c6c 612f322e 300d0a0d 0a210a20   zilla/2.0....!. 
0x000000c0 (00192)   2020203c 2f746974 6c653e0a 20203c2f      </title>.  </
0x000000d0 (00208)   68656164 3e0a2020 3c626f64 793e0a20   head>.  <body>. 
0x000000e0 (00224)   2020203c 68333e54 68697320 69732074      <h3>This is t
0x000000f0 (00240)   68652072 65616c2d 6d6f6465 20746573   he real-mode tes
0x00000100 (00256)   74207061 67652e2e 2e3c2f68 333e0a09   t page...</h3>..
0x00000110 (00272)   093c696d 67207372 633d226c 6f676f2e   .<img src="logo.
0x00000120 (00288)   67696622 3e0a2020 3c2f626f 64793e0a   gif">.  </body>.
0x00000130 (00304)   3c2f6874 6d6c3e0a 0d0a                </html>...


Strings
M
...
.Q`.
@.
.

080904b0
1.0.0.1
1423
FileVersion
&find
&Find any        Alt+F
PrivateBuild
ProductVersion
StringFileInfo
Translation
VarFileInfo
VS_VERSION_INFO
```````
```````````
``^@   
``$@@&@@
``+$@@
^^^^^^^^^^^^^^^
^^+++++
~~~~~~~
========={
===;;;
=|"``	
>>>>>>>>>>>>>
|||||||||
  .``+
 @@,``
---------
--------------'''''''''
-.``"``
,   ``
,  .  
::::::::
???????
////////
......
'''''''''
""""""::
""""""""""""""""""""
(``*``
(((((((((
)))))))
))))))))))
)))))))))))))
)))))))))))))))))
]]]]""
]]]]]]]
{{{{{{{{{
}}}}}}}
@@ @@~
$$$$$$$$$$
\\\#############,,,,,
&  .``
&@@(  
######
%%%%%%
++++++++
						
0000000
000000000+++++++
)))000000000000
00000000000ZZ
++++++++++  0000++EEEEEEEEE
0MrjQz)
0Rt_`M}P3
``(  1
111>>>>>>>>>>>>>&&&&&&&......
111111111
11111ttt44
111XXXXXXXXXX
1c~I+}
1f@f##
1fTvpS
1*``iN
1~qOXW+
1Sf"dz
1#[sVD-
1uo5}!
$1z+$;2
20f7uH
2222222!
2222eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
22?????ppppp
@@2BhMM
@2c,q]
2d'*@@
2Fbd$  "``\\u~,``T>
2HR;??
2J=ABm
2p$-2=l=<K
2/]w>&``
2=xQ'=
 @@3 ``
333333333
[[[333333@..eeeeeeeeee
  3_9s
``+3ey
3^M]?cR
3z$@@7
(@@,``4
(@@"@@4
#{4&  
44444444444
4<*``a ``
]4c:2-|
4eY_g+
*@@4)T
555555
555555555
555555555555
55555555555555
55555555555555555
5555555555555555555555555555555==+++++W
58+V$``\
|5(  A0e
}|5`.``i
5vm7MK-3
>>>>>>>>>&&&666ttttttttss
.@@	6?9IX
6iY,  
6{J_K0
6&  r4:
[:6/t+
@@)[6z
'7h5W>{h!
`(@@7N
7S$``dd
-;"@@8
8[.``#
8888888
88888888iiiiiii
8bwA/O
!/8#gG
8|*  J
8kj.  X:=
8QQQQQQQQQ
8r_j[.  
  )*``9
,  `!~9
9%2t}E
=93'465
9999`````````!
9999\\\
999999
99999999
9J @@u
{a+&``
  a3;X:8'
/A#){a
aaa################
AAAAAAAAA
AAWoi/.
@@*@@AdE
+AiL#Nn#4
A'_iS"
,  a%jG
)aj*Z)y
AlphaBlend
As"``w
aU?{~Y
^a|zcd
a"``zo
b"@@,@@,``
b0FPrs
#b;{1gY
,|b2OQ
bb.....
BBAAHHHHHHHbbbbbbbbbb
@bbbbbbbbbbbbbbb
BBBBBBBBBx
b(@@e.
BfCutz
	b(QA.
bq=X:@9c1
B,  sQ
b"``T)e
@@bVV3
BzhcWX
c(3IlQs'4s
~cC.  
ccccc^^^66
CCCCCC&&
==CCCCCCCCCCC
cccccccccccccc
c;dd=F/d
c\;jmf8
ClipCursor
CP &'1<
-C+PH?
CreatePopupMenu
c!zeQ!
=cZ|QB"
	^d*``
d~*``-
@D0Iin
$  (  D6
d9'%m7D
dA=>g<o
@.data
Db'Xq;
ddd<<<<<<<<<
dddddd
;;;;DDDDDD
ddddddddd
DDDDDDDDD"""
dddddddddd
ddddddgggggggggggg             
dd/rBBB
DestroyMenu
DH5{hZ%8
dHEEZm0]Lh
,@@DLbA
  dum[=
@@|_dV_
"""""""""""e
["  ;E
-,ea$+
#EAw   
*@@Eb*
										EE44444
++++++eeeeeeee*****`````@@@@
eeeeeeeee
^^^EEEEEEEEEEEE4444
eeeeeeeeeeeeeeeeeeIIIIII
*EeL)%
ehEk]_
+eI7$  
E(``'j
ej|=<uwy>x
E@OIZ["
Eo>zNV
[-ES\LKy
eT%wF~
`eV2@=
eV-F{.
ExitProcess
	f0[pb
ffffff
ffffffffffffffff
fffffffffffffffffffffff
fffmmmmmmmm
||||||#########ffhhhhhhhhhhh
FindWindowA
F=KLbKmVb
,@@Fl	*
F%lEx5JZ
FlushInstructionCache
@@fnY}y
_"fqYW
![FWdh
Fw~urb
f`zwhd=o
g0]utG
<.,(;g5
g$\5`E
G/|8Zqm
GdipCreateBitmapFromFile
GdipDisposeImage
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImageWidth
gdiplus.dll
GetDesktopWindow
GetModuleFileNameA
GetVersionExA
]g[Fv{{
GfWLDQ
GGGGGG333399
GGGGGGGGG
GGGGGGGGGGGGGGG
GGGGGGGGGGGGGGGGGGGGGGGG-----33
GGGGGGGGII
G/O@F1
,]<GSd}
|=~g!VZ
GX.~.j
   h$@@
%+&``H
hEB|qY
hh#bdt?
####HHHH
hhhh7777
hhhhhhhhh
HHHHHHHHH
HHHHHHHHHHHHH
hhhjjjjjjj
  hkeIw
HkY|s;
h*``Qj
`H.``R
HsN@.  
``&@@i
+Icb[Q\   K
(  IG8
Ig,@@k_	
			iiiiiiiiffPPPPPPPPPPPPPPPUUUUUUUUUUUUU
iiiiiiiii
IIIIIIIII
IIIIIIIIIILLLLLLLLLLLLLLL
i#(I]Y
[)iN,@@:
-IPoYQ]c
I_RpcFreeBuffer
``I,``t
}i&@@V
.(iwIC
)_#ix#
@@j.  E
J=E7Ry&i
JeroN#
j^FpRO
``ji&``
JJfxl{"
JJJFFF||||||||||
JJJJJJ
JJJJJJJ%%
))jjjjjjjjj
jjjjjTTTTTTTTT?????
j=kzWZ(
j @@L$@@
-J`LRr
Js.9h-
Jw	2:"@@R
,  JxiE
``k5Sz
k74f6e@
K?8p	_
K!9qv3
kCCCCtt
KERNEL32.dll
%&@@Kh
Kh69j	
kkkkkkCCCCCCCCCC
KKKKKKKK
kkkkkkkkk
#####kkkkkkkkkkkkkk
KKKKKKKKKKKKKK33333333333333333
kQp*``
,  KS*  
+k'y%7
{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{KZZZZZ
``L @@
@@\_L6
l6eL#1
l7Y!ML
L@}}bS
lFQXi&[j:Y`
LfVkZ.
lfVN/8
_Lj(@@_BI}
lj#LjC
@@L,  L
`LLL**********    gggggggggg
llliiiiiiiiiiiiii
LLLLLLejjj
LLLLLTT
LoadLibraryW
LocalAlloc
LocalFree
lr"  E
lWbiqG~
@@lXTfQGvX
|L>yrU #`
!!!!!!!!  m;;;;;;;;
@@M&  
m2+)FV+
,@@m~3A
M&@@`7G
@@m/83
mADm:r
mC2&  
Mcrr@8a
   md"  
]mg=81
MH.  DK
  mM62nJH
mmmm.......
mmmmm        
MMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMMM
MSIMG32
mWs]l	z
;% ``N
N[6TTZ
n\AKJ7y
N(@@c+E$
NHb[wEb
*@@NHl
nn&&&&&&
NNNNNN
nnnnnnnnn
NNNNNNNNNNN
nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnXXXXXXXXXXXXXXXXXX########{{{{{{{{{{~~~~~~~~~~~~~~~~---
noeSY}
~N=p|f
  Nr0+.
nrrO&``{
  nsmK
nV:/ST
o+#[/	
.@@o2z
)O3Cjs
O7\i   5-F
@@O_9b<
Oen,7{
oH_;f(@@
ohPAPI
OjI:;jP
ojOMR2
@@OjqW
oooooo
^^^^^^oooooooo
ooooooooooookkk
(OP	F]
O).``u
oxdX<_
OZv@Qa
=-p&  
  }P!*@@
\P"  (
p*@@1R
p2P.``
$  p3wp
Pb+|!*@@
P,EFe'
:PeIZn1
P"f\o^
P+hKP$
!PJ^i@
pn6$``
@@poCz
 POU&Q
PPeeeeeeeee
pppppp
pppppp/zzzzzzzzzzzzzzzzZZZZZZZZZZ
(@@pR"
$``pt~UOR
``q&``
$  q	/
%{[Q^=
q3+"  
"``Q'B
Q	+b)h
qb<#kW	
=Q(  H
qJ0->X
qk)$  B
QQQQQQQ
QQQQQQQQ
qqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
"qtA+:i
Q^zk:n
r},  7
R	b*]bG
`.rdata
RedrawWindow
.reloc
@R&&fd
`R*``L
RNe*@@^
|-RO3[
RPCRT4.dll
rQ28NU
,rrBTa
Rr$  m
RRRRRR
rrrrrrrrrrrrr
RRRRRzzzzZZZZ
R=V.@@
R!wB<>
`s8H.``
"@@SaZ
sByIoE
SetLocaleInfoW
(``)sl
"@@S\p
SSSjjj
SSSSSSSSSSSSSSSSSSSSSSS
  ST%2
STEUw&
SUsIXR
:S.  x
#T.@@>)
@@={t0|
T1@]:	
``t7 @@
:t\7"=
&%(TcGNq%
.``\Tf
!This program cannot be run in DOS mode.
timeGetTime
tq6']z
TrackPopupMenuEx
TransparentBlt
^tt&  
ttttGGGGG
&&&&&]]]]]]tttttttt
`````--::::::::::tttttttttFVVVVVVV
TTTTTTTTxxx##########dddddd
*  TYn
T	Yw$  
,``U'~
&@@:+U
U########
u9|?aA%	\f
@ucM(@@y
u<F7iui[>$``
UGpn?i`
uKL8vTW
USER32.dll
U,TeD5XF
UtZT<s
UuidCreate
uuuuu222
;;;;;uuuuuo
UUUUUUssssssssss
uuuuuuu
uuuuuuuu
UUUUUUUUUUUUUUUUUU
 u{**~v}p^
VbZ ``
] @@v>D-
v(I[9,)
V;ivfXe
)#V,``oc
v_oy-2h
				VVVccccccccccccc0000000000000
VVVVVVVV
VVVVVVVV               
VVVVVVVVV
vvvvvvvvvvvvvvvvj
VVVVVVVVVVVVVVVVVV
vwErj_
  vw<yX
V_yRh;
``$``w=
"  \$  w
``(``W
WINMM.dll
W+i ``y
w>]N|%
_wsG{mT
,!wTsd
ww?????
ww\\\~~
}}}}}}}}}}}}wwww
wwwwwwww
WWWWWWWWW
WWWWWWWWWWWWWWWWWWW
WWWWWWWWWWWWWWWWWWWWWWWW
)X{(]\^
X++++++++++++
X:[A]]W-
$@@xj^
\Xn7X-
XoP`<M
XoZ2!L
"""xxxxxx
xxxxxxx
XXXXXXXX
XXXXXXXXXXXXX11
XXXXXXXXXXXy
@@X=y5
``,  Y
  [Y}6u
y&  )8
y`Ffxc
Y]Hr+WVo
yNN.&NHec=
]Yo.  
YuU(``
(``Y$  V
/////yy
yyyyyyyy&&&&&&&&&&&ll
yyyyyyyyyyyyv
``Z(@@
*z<^1=
]z8;~E
`-zbjv
ZCNk7FTqY3<B
ZH>kqf
``' @@zK
zM&``e#8
zun"  
@@z~^v
z!?_W@
!!!!!!!!!zz!!!!!
,``Z ``z
)))))zzDDDDDDDDDDDDD
ZZZZZZ
ZZZZZZ@@@@@qq``
ZZZZZZZ
ZZZZZZZZ
   ]]]]]]]]]]]]]]]]]]!zzzzzzzzz