Analysis Date: 2014-06-29 03:27:24
MD5: dc5cadc7686899a252db94404fbe4c92
SHA1: d9b6731b04f775d7b18c8c6ff7ed8aee54533f5e

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text, md5: 452358b409d706e69b824c8aa8b9b807, sha1: b25eace1f232db7b82c01cb36980e177565cd6d0, size: 112640
Section: .rdata, md5: aead6bf6ce1c4e050e12820dc79bb7c2, sha1: acb70bb494b7948a5f0374766e748eb0e5dc3f1e, size: 1024
Section: .data, md5: 7a8bad8d29a702eb727bc3897c3cde88, sha1: 429e4c8f3652a4c32a1166732b9d8da85be86a5d, size: 66560
Section: .reloc, md5: 8584846b380f2ff94fcf11ce9fa2a78a, sha1: aede5727404b6d70f0f3e8c26514985688630c2d, size: 1024
Timestamp: 2005-10-29 07:03:34
PEhash: 35e9515483f7f235c5d0815d0aa1251e2564e165
IMPhash: 4eb3fae2e5d5b84e8059aebd86a6504d
AV 360 Safe: Trojan.Generic.KD.360820
AV Ad-Aware: Trojan.Generic.KD.360820
AV Alwil (avast): Cybota [Trj]
AV Arcabit (arcavir): no_virus
AV Authentium: W32/Goolbot.K.gen!Eldorado
AV Avira (antivir): TR/Crypt.ZPACK.Gen
AV CA (E-Trust Ino): Win32/Cycbot.G!generic
AV CAT (quickheal): Backdoor.Cycbot.B
AV ClamAV: Trojan.Gbot-449
AV Dr. Web: BackDoor.Gbot.73
AV Emsisoft: Trojan.Generic.KD.360820
AV Eset (nod32): Win32/Kryptik.SXV
AV Fortinet: W32/Kryptik.SMY!tr.bdr
AV Frisk (f-prot): W32/Goolbot.K.gen!Eldorado (generic, not disinfectable)
AV F-Secure: Rogue:W32/OpenCloud.A
AV Grisoft (avg): Win32/Cryptor
AV Ikarus: Backdoor.Win32.Cycbot
AV K7: Backdoor ( 003210941 )
AV Kaspersky: Trojan.Win32.Generic
AV MalwareBytes: Backdoor.Bot
AV Mcafee: BackDoor-EXI.gen.n
AV Microsoft Security Essentials: Backdoor:Win32/Cycbot.G
AV MicroWorld (escan): Trojan.Generic.KD.360820
AV Norman: winpe/Cycbot.EC
AV Rising: Backdoor.Win32.Cycbot.a
AV Sophos: Mal/FakeAV-IS
AV Symantec: Trojan.Gen.2
AV Trend Micro: BKDR_CYCBOT.SME3
AV VirusBlokAda (vba32): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ 1
Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\conhost ➝ C:\Documents and Settings\Administrator\Application Data\Microsoft\conhost.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\Administrator\Application Data\75DE.FFC
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Application Data\Microsoft\conhost.exe
Creates Process: C:\malware.exe startC:\Documents and Settings\Administrator\Application Data\dwm.exe%C:\Documents and Settings\Administrator\Application Data
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe
Creates Process: C:\malware.exe startC:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe%C:\Documents and Settings\Administrator\Local Settings\Temp
Creates Mutex: {A5B35993-9674-43cd-8AC7-5BC5013E617B}
Creates Mutex: {5A92A751-F926-4BB9-872E-BEC4A4CD571F}
Creates Mutex: WininetConnectionMutex
Creates Mutex: c:!documents and settings!administrator!cookies!
Creates Mutex: {61B98B86-5F44-42b3-BCA1-33904B067B81}
Creates Mutex: {0ECE180F-6E9E-4FA6-A154-6876D9DB8906}
Creates Mutex: c:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex: {B5B35993-9674-43cd-8AC7-5BC5013E617B}
Creates Mutex: {B16C7E24-B3B8-4962-BF5E-4B33FD2DFE78}
Creates Mutex: {B37C48AF-B05C-4520-8B38-2FE181D5DC78}
Creates Mutex: c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock DNS: 127.0.0.1
Winsock DNS: yourmediaresources.com
Winsock DNS: realsoftwaredevelopment.com

Process
↳ C:\malware.exe startC:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe%C:\Documents and Settings\Administrator\Local Settings\Temp

Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe

Process
↳ C:\malware.exe startC:\Documents and Settings\Administrator\Application Data\dwm.exe%C:\Documents and Settings\Administrator\Application Data

Creates Process: C:\Documents and Settings\Administrator\Application Data\dwm.exe

Process
↳ C:\Documents and Settings\Administrator\Application Data\dwm.exe

Network Details:

DNS: realsoftwaredevelopment.com, Type: A, 141.101.116.129
DNS: realsoftwaredevelopment.com, Type: A, 141.101.117.129
DNS: zonedg.com, Type: A, 208.73.210.210
DNS: zonedg.com, Type: A, 208.73.211.179
DNS: zonedg.com, Type: A, 208.73.211.237
DNS: zonedg.com, Type: A, 208.73.211.240
DNS: zonedg.com, Type: A, 208.73.211.250
DNS: yourblogresources.com, Type: A
DNS: yourmediaresources.com, Type: A
HTTP GET: http://realsoftwaredevelopment.com/WindowsLiveWriter/web-2_0_thumb_1.gif?v6=72&tq=gKZEtzyg970h%2FliPQjS%2F9fXIV6ZDe1pQGSSad2xbBSGiZCKUG2DwWPXY7MeN8l67r3r1XieBCvGXV3umTAOYMocXTHkQyQb3b4xLiblbqbdJdK2OhKZ%2BHyPNF0WTm90MAdLjnouwgcz%2FYDJTWbMqv1XD5bZeB1sDBuhFMSgIM6vBusQ9c9Qls4dAWEY5sAriFyd67hjrW%2F5XHLyUa2N1mFIMG25tNma02ylJadhimx7KLqYh3PqlFiBvx6kAOvh%2B72h6TN%2F0kaahiPpsdQP6xYwy9ZC9WinK
User-Agent: mozilla/2.0
HTTP POST: http://zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfVsSvT5wug%2BtygfvO7H33Hhbj%2Fh7sbedf1sSvT8t65i9hlL9PmxqXH0bF%2FmiMWrdPd5SOeikL50gB9K5PLNq3eFGjzh%2F8DdAYdrT5WO0alxtygbpb6HvnSAOQij%2B8yvUq%2F3vleWbkY%3D
User-Agent: mozilla/2.0
HTTP POST: http://zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfVsSvT5wug%2BtygfvO7H33Hhbj%2Fh7sbedf1sSvT8t65i9hlL9PmxqXH0bF%2FmiMWrdPd5SOeikL50gB9K5PLNq3eFGjzh%2F8DdAYdrT5WO0alxtygbpb6HvnSAOQij%2B82uYvEaS%2FT%2BsqlSr%2Fe%2BV5ZuRg%3D%3D
User-Agent: mozilla/2.0
HTTP POST: http://zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfVsSvT5wug%2BtygfvO7H33Hhbj%2Fh7sbedf1sSvT8t65i9hlL9PmxqXH0bF%2FmiMWrdPd5SOeikL50gB9K5PLNq3eFGjzh%2F8DdAYdrT5WO0alxtygbpb6HvnSAOQij%2B8yjYvEaSPT%2BsqtSr%2Fe%2BV5ZuRg%3D%3D
User-Agent: mozilla/2.0
HTTP POST: http://zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfVsSvT5wug%2BtygfvO7H33Hhbj%2Fh7sbedf1sSvT8t65i9hlL9PmxqXH0bF%2FmiMWrdPd5SOeikL50gB9K5PLNq3eFGjzh%2F8DdAYdrT5WO0alxtygbpb6HvnSAOQij%2B8OoYvEaSPT%2BsqlSr%2Fe%2BV5ZuRg%3D%3D
User-Agent: mozilla/2.0
Flows TCP: 192.168.1.1:1031 ➝ 141.101.116.129:80
Flows TCP: 192.168.1.1:1032 ➝ 208.73.210.210:80
Flows TCP: 192.168.1.1:1033 ➝ 208.73.210.210:80
Flows TCP: 192.168.1.1:1034 ➝ 208.73.210.210:80
Flows TCP: 192.168.1.1:1035 ➝ 208.73.210.210:80

Raw Pcap

Strings