Malware Archive

Home | Objdump info | Perdr info | Strings info

MD5 : 2aa59ba4251795deda72738d1c67be7c
SHA1SUM : 13a50734d78a81437eaa2592ad24bc0a6720745e

architecture: i386, flags 0x0000010b:
HAS_RELOC, EXEC_P, HAS_DEBUG, D_PAGED
start address 0x00403fcc

Characteristics 0x818e
executable
line numbers stripped
symbols stripped
little endian
32 bit words
big endian

Time/Date Sat Jun 20 00:22:17 1992
Magic 010b (PE32)
MajorLinkerVersion 2
MinorLinkerVersion 25
SizeOfCode 00003a00
SizeOfInitializedData 0001f200
SizeOfUninitializedData 00000000
AddressOfEntryPoint 0000000000003fcc
BaseOfCode 0000000000001000
BaseOfData 0000000000005000
ImageBase 0000000000400000
SectionAlignment 0000000000001000
FileAlignment 0000000000000200
MajorOSystemVersion 4
MinorOSystemVersion 0
MajorImageVersion 0
MinorImageVersion 0
MajorSubsystemVersion 4
MinorSubsystemVersion 0
Win32Version 00000000
SizeOfImage 0002a000
SizeOfHeaders 00000400
CheckSum 00000000
Subsystem 00000002 (Windows GUI)
DllCharacteristics 00000000
SizeOfStackReserve 0000000000100000
SizeOfStackCommit 0000000000004000
SizeOfHeapReserve 0000000000100000
SizeOfHeapCommit 0000000000001000
LoaderFlags 00000000
NumberOfRvaAndSizes 00000010

The Data Directory
Entry 0 0000000000000000 00000000 Export Directory [.edata (or where ever we found it)]
Entry 1 0000000000007000 000005ea Import Directory [parts of .idata]
Entry 2 000000000000b000 0001e23c Resource Directory [.rsrc]
Entry 3 0000000000000000 00000000 Exception Directory [.pdata]
Entry 4 0000000000000000 00000000 Security Directory
Entry 5 000000000000a000 000003f4 Base Relocation Directory [.reloc]
Entry 6 0000000000000000 00000000 Debug Directory
Entry 7 0000000000000000 00000000 Description Directory
Entry 8 0000000000000000 00000000 Special Directory
Entry 9 0000000000009000 00000018 Thread Storage Directory [.tls]
Entry a 0000000000000000 00000000 Load Configuration Directory
Entry b 0000000000000000 00000000 Bound Import Directory
Entry c 0000000000000000 00000000 Import Address Table Directory
Entry d 0000000000000000 00000000 Delay Import Directory
Entry e 0000000000000000 00000000 CLR Runtime Header
Entry f 0000000000000000 00000000 Reserved

There is an import table in .idata at 0x407000

The Import Tables (interpreted .idata section contents)
vma: Hint Time Forward DLL First
Table Stamp Chain Name Thunk
00007000 00000000 00000000 00000000 000071b0 000070a0

DLL Name: kernel32.dll

00007014 00000000 00000000 00000000 0000734e 0000710c

DLL Name: user32.dll

00007028 00000000 00000000 00000000 00007366 00007114

DLL Name: oleaut32.dll

0000703c 00000000 00000000 00000000 0000739a 00007120

DLL Name: advapi32.dll

00007050 00000000 00000000 00000000 000073d6 00007130

DLL Name: kernel32.dll

00007064 00000000 00000000 00000000 0000759c 0000719c

DLL Name: shell32.dll

00007078 00000000 00000000 00000000 000075ca 000071a8

DLL Name: ntdll.dll

0000708c 00000000 00000000 00000000 00000000 00000000

PE File Base Relocations (interpreted .reloc section contents)

Virtual Address: 00001000 Chunk size 216 (0xd8) Number of fixups 104
reloc 0 offset 0 [1000] HIGHLOW
reloc 1 offset e [100e] HIGHLOW
reloc 2 offset 16 [1016] HIGHLOW
reloc 3 offset 1e [101e] HIGHLOW
reloc 4 offset 26 [1026] HIGHLOW
reloc 5 offset 2e [102e] HIGHLOW
reloc 6 offset 36 [1036] HIGHLOW
reloc 7 offset 3e [103e] HIGHLOW
reloc 8 offset 46 [1046] HIGHLOW
reloc 9 offset 4e [104e] HIGHLOW
reloc 10 offset 56 [1056] HIGHLOW
reloc 11 offset 5e [105e] HIGHLOW
reloc 12 offset 66 [1066] HIGHLOW
reloc 13 offset 6e [106e] HIGHLOW
reloc 14 offset 76 [1076] HIGHLOW
reloc 15 offset 7e [107e] HIGHLOW
reloc 16 offset 86 [1086] HIGHLOW
reloc 17 offset 8e [108e] HIGHLOW
reloc 18 offset 96 [1096] HIGHLOW
reloc 19 offset 9e [109e] HIGHLOW
reloc 20 offset a6 [10a6] HIGHLOW
reloc 21 offset ae [10ae] HIGHLOW
reloc 22 offset b6 [10b6] HIGHLOW
reloc 23 offset be [10be] HIGHLOW
reloc 24 offset c6 [10c6] HIGHLOW
reloc 25 offset ce [10ce] HIGHLOW
reloc 26 offset d6 [10d6] HIGHLOW
reloc 27 offset de [10de] HIGHLOW
reloc 28 offset e6 [10e6] HIGHLOW
reloc 29 offset ee [10ee] HIGHLOW
reloc 30 offset f6 [10f6] HIGHLOW
reloc 31 offset fc [10fc] HIGHLOW
reloc 32 offset 10d [110d] HIGHLOW
reloc 33 offset 116 [1116] HIGHLOW
reloc 34 offset 12f [112f] HIGHLOW
reloc 35 offset 138 [1138] HIGHLOW
reloc 36 offset 14a [114a] HIGHLOW
reloc 37 offset 162 [1162] HIGHLOW
reloc 38 offset 183 [1183] HIGHLOW
reloc 39 offset 19c [119c] HIGHLOW
reloc 40 offset 1b5 [11b5] HIGHLOW
reloc 41 offset 1c6 [11c6] HIGHLOW
reloc 42 offset 1db [11db] HIGHLOW
reloc 43 offset 1e8 [11e8] HIGHLOW
reloc 44 offset 208 [1208] HIGHLOW
reloc 45 offset 442 [1442] HIGHLOW
reloc 46 offset 52b [152b] HIGHLOW
reloc 47 offset 554 [1554] HIGHLOW
reloc 48 offset 55b [155b] HIGHLOW
reloc 49 offset 562 [1562] HIGHLOW
reloc 50 offset 632 [1632] HIGHLOW
reloc 51 offset 647 [1647] HIGHLOW
reloc 52 offset 67a [167a] HIGHLOW
reloc 53 offset 6ca [16ca] HIGHLOW
reloc 54 offset 6dc [16dc] HIGHLOW
reloc 55 offset 70e [170e] HIGHLOW
reloc 56 offset 716 [1716] HIGHLOW
reloc 57 offset 7b6 [17b6] HIGHLOW
reloc 58 offset 7d6 [17d6] HIGHLOW
reloc 59 offset 829 [1829] HIGHLOW
reloc 60 offset 8cd [18cd] HIGHLOW
reloc 61 offset 8d8 [18d8] HIGHLOW
reloc 62 offset 944 [1944] HIGHLOW
reloc 63 offset 94b [194b] HIGHLOW
reloc 64 offset 95c [195c] HIGHLOW
reloc 65 offset 968 [1968] HIGHLOW
reloc 66 offset 9b8 [19b8] HIGHLOW
reloc 67 offset 9ee [19ee] HIGHLOW
reloc 68 offset b6e [1b6e] HIGHLOW
reloc 69 offset b8a [1b8a] HIGHLOW
reloc 70 offset bab [1bab] HIGHLOW
reloc 71 offset bd1 [1bd1] HIGHLOW
reloc 72 offset c0b [1c0b] HIGHLOW
reloc 73 offset c11 [1c11] HIGHLOW
reloc 74 offset c22 [1c22] HIGHLOW
reloc 75 offset c31 [1c31] HIGHLOW
reloc 76 offset c37 [1c37] HIGHLOW
reloc 77 offset c45 [1c45] HIGHLOW
reloc 78 offset c55 [1c55] HIGHLOW
reloc 79 offset c68 [1c68] HIGHLOW
reloc 80 offset c72 [1c72] HIGHLOW
reloc 81 offset c76 [1c76] HIGHLOW
reloc 82 offset c7c [1c7c] HIGHLOW
reloc 83 offset c80 [1c80] HIGHLOW
reloc 84 offset c85 [1c85] HIGHLOW
reloc 85 offset c8c [1c8c] HIGHLOW
reloc 86 offset c92 [1c92] HIGHLOW
reloc 87 offset c9a [1c9a] HIGHLOW
reloc 88 offset ca0 [1ca0] HIGHLOW
reloc 89 offset cb0 [1cb0] HIGHLOW
reloc 90 offset cba [1cba] HIGHLOW
reloc 91 offset ce1 [1ce1] HIGHLOW
reloc 92 offset ce6 [1ce6] HIGHLOW
reloc 93 offset ceb [1ceb] HIGHLOW
reloc 94 offset d0d [1d0d] HIGHLOW
reloc 95 offset d16 [1d16] HIGHLOW
reloc 96 offset d2c [1d2c] HIGHLOW
reloc 97 offset d44 [1d44] HIGHLOW
reloc 98 offset d5f [1d5f] HIGHLOW
reloc 99 offset d7e [1d7e] HIGHLOW
reloc 100 offset d87 [1d87] HIGHLOW
reloc 101 offset dad [1dad] HIGHLOW
reloc 102 offset dba [1dba] HIGHLOW
reloc 103 offset 0 [1000] ABSOLUTE

Virtual Address: 00002000 Chunk size 192 (0xc0) Number of fixups 92
reloc 0 offset 5f [205f] HIGHLOW
reloc 1 offset 2c9 [22c9] HIGHLOW
reloc 2 offset 2d3 [22d3] HIGHLOW
reloc 3 offset 581 [2581] HIGHLOW
reloc 4 offset 58a [258a] HIGHLOW
reloc 5 offset 595 [2595] HIGHLOW
reloc 6 offset 59a [259a] HIGHLOW
reloc 7 offset 5a2 [25a2] HIGHLOW
reloc 8 offset 5aa [25aa] HIGHLOW
reloc 9 offset 85a [285a] HIGHLOW
reloc 10 offset 861 [2861] HIGHLOW
reloc 11 offset 86e [286e] HIGHLOW
reloc 12 offset 8d3 [28d3] HIGHLOW
reloc 13 offset 8df [28df] HIGHLOW
reloc 14 offset 8e7 [28e7] HIGHLOW
reloc 15 offset 8f0 [28f0] HIGHLOW
reloc 16 offset 8f6 [28f6] HIGHLOW
reloc 17 offset 903 [2903] HIGHLOW
reloc 18 offset 916 [2916] HIGHLOW
reloc 19 offset 923 [2923] HIGHLOW
reloc 20 offset 929 [2929] HIGHLOW
reloc 21 offset 92d [292d] HIGHLOW
reloc 22 offset 93c [293c] HIGHLOW
reloc 23 offset 966 [2966] HIGHLOW
reloc 24 offset 990 [2990] HIGHLOW
reloc 25 offset 99e [299e] HIGHLOW
reloc 26 offset 9a3 [29a3] HIGHLOW
reloc 27 offset 9bc [29bc] HIGHLOW
reloc 28 offset 9cc [29cc] HIGHLOW
reloc 29 offset 9dd [29dd] HIGHLOW
reloc 30 offset 9ee [29ee] HIGHLOW
reloc 31 offset 9fa [29fa] HIGHLOW
reloc 32 offset 9ff [29ff] HIGHLOW
reloc 33 offset a04 [2a04] HIGHLOW
reloc 34 offset a0b [2a0b] HIGHLOW
reloc 35 offset a12 [2a12] HIGHLOW
reloc 36 offset a1c [2a1c] HIGHLOW
reloc 37 offset a33 [2a33] HIGHLOW
reloc 38 offset a3f [2a3f] HIGHLOW
reloc 39 offset a4c [2a4c] HIGHLOW
reloc 40 offset a5e [2a5e] HIGHLOW
reloc 41 offset a6b [2a6b] HIGHLOW
reloc 42 offset a77 [2a77] HIGHLOW
reloc 43 offset a84 [2a84] HIGHLOW
reloc 44 offset a96 [2a96] HIGHLOW
reloc 45 offset a9e [2a9e] HIGHLOW
reloc 46 offset aa6 [2aa6] HIGHLOW
reloc 47 offset aae [2aae] HIGHLOW
reloc 48 offset ab6 [2ab6] HIGHLOW
reloc 49 offset abe [2abe] HIGHLOW
reloc 50 offset ac6 [2ac6] HIGHLOW
reloc 51 offset ace [2ace] HIGHLOW
reloc 52 offset ad6 [2ad6] HIGHLOW
reloc 53 offset ade [2ade] HIGHLOW
reloc 54 offset ae6 [2ae6] HIGHLOW
reloc 55 offset aee [2aee] HIGHLOW
reloc 56 offset af6 [2af6] HIGHLOW
reloc 57 offset afe [2afe] HIGHLOW
reloc 58 offset b06 [2b06] HIGHLOW
reloc 59 offset b0e [2b0e] HIGHLOW
reloc 60 offset b16 [2b16] HIGHLOW
reloc 61 offset b1e [2b1e] HIGHLOW
reloc 62 offset b26 [2b26] HIGHLOW
reloc 63 offset b2e [2b2e] HIGHLOW
reloc 64 offset b36 [2b36] HIGHLOW
reloc 65 offset b3e [2b3e] HIGHLOW
reloc 66 offset b46 [2b46] HIGHLOW
reloc 67 offset b4e [2b4e] HIGHLOW
reloc 68 offset b56 [2b56] HIGHLOW
reloc 69 offset b5e [2b5e] HIGHLOW
reloc 70 offset b66 [2b66] HIGHLOW
reloc 71 offset b6e [2b6e] HIGHLOW
reloc 72 offset b76 [2b76] HIGHLOW
reloc 73 offset b7e [2b7e] HIGHLOW
reloc 74 offset b93 [2b93] HIGHLOW
reloc 75 offset b9f [2b9f] HIGHLOW
reloc 76 offset bac [2bac] HIGHLOW
reloc 77 offset bbe [2bbe] HIGHLOW
reloc 78 offset bc6 [2bc6] HIGHLOW
reloc 79 offset bce [2bce] HIGHLOW
reloc 80 offset bdb [2bdb] HIGHLOW
reloc 81 offset be7 [2be7] HIGHLOW
reloc 82 offset bf4 [2bf4] HIGHLOW
reloc 83 offset c06 [2c06] HIGHLOW
reloc 84 offset c37 [2c37] HIGHLOW
reloc 85 offset c90 [2c90] HIGHLOW
reloc 86 offset cfe [2cfe] HIGHLOW
reloc 87 offset d10 [2d10] HIGHLOW
reloc 88 offset e17 [2e17] HIGHLOW
reloc 89 offset e59 [2e59] HIGHLOW
reloc 90 offset f95 [2f95] HIGHLOW
reloc 91 offset fd1 [2fd1] HIGHLOW

Virtual Address: 00003000 Chunk size 236 (0xec) Number of fixups 114
reloc 0 offset 1c [301c] HIGHLOW
reloc 1 offset 4e [304e] HIGHLOW
reloc 2 offset 5c [305c] HIGHLOW
reloc 3 offset d1 [30d1] HIGHLOW
reloc 4 offset 140 [3140] HIGHLOW
reloc 5 offset 14c [314c] HIGHLOW
reloc 6 offset 154 [3154] HIGHLOW
reloc 7 offset 188 [3188] HIGHLOW
reloc 8 offset 1a1 [31a1] HIGHLOW
reloc 9 offset 1bd [31bd] HIGHLOW
reloc 10 offset 1e5 [31e5] HIGHLOW
reloc 11 offset 1fe [31fe] HIGHLOW
reloc 12 offset 225 [3225] HIGHLOW
reloc 13 offset 245 [3245] HIGHLOW
reloc 14 offset 26c [326c] HIGHLOW
reloc 15 offset 296 [3296] HIGHLOW
reloc 16 offset 2cb [32cb] HIGHLOW
reloc 17 offset 30c [330c] HIGHLOW
reloc 18 offset 322 [3322] HIGHLOW
reloc 19 offset 370 [3370] HIGHLOW
reloc 20 offset 37e [337e] HIGHLOW
reloc 21 offset 38c [338c] HIGHLOW
reloc 22 offset 3cc [33cc] HIGHLOW
reloc 23 offset 42b [342b] HIGHLOW
reloc 24 offset 44f [344f] HIGHLOW
reloc 25 offset 45b [345b] HIGHLOW
reloc 26 offset 468 [3468] HIGHLOW
reloc 27 offset 47a [347a] HIGHLOW
reloc 28 offset 494 [3494] HIGHLOW
reloc 29 offset 49c [349c] HIGHLOW
reloc 30 offset 4a1 [34a1] HIGHLOW
reloc 31 offset 4b1 [34b1] HIGHLOW
reloc 32 offset 4b7 [34b7] HIGHLOW
reloc 33 offset 4dd [34dd] HIGHLOW
reloc 34 offset 514 [3514] HIGHLOW
reloc 35 offset 51c [351c] HIGHLOW
reloc 36 offset 521 [3521] HIGHLOW
reloc 37 offset 531 [3531] HIGHLOW
reloc 38 offset 537 [3537] HIGHLOW
reloc 39 offset 55d [355d] HIGHLOW
reloc 40 offset 595 [3595] HIGHLOW
reloc 41 offset 59d [359d] HIGHLOW
reloc 42 offset 5a2 [35a2] HIGHLOW
reloc 43 offset 5b2 [35b2] HIGHLOW
reloc 44 offset 5b8 [35b8] HIGHLOW
reloc 45 offset 5d0 [35d0] HIGHLOW
reloc 46 offset 603 [3603] HIGHLOW
reloc 47 offset 60f [360f] HIGHLOW
reloc 48 offset 61c [361c] HIGHLOW
reloc 49 offset 62e [362e] HIGHLOW
reloc 50 offset 63a [363a] HIGHLOW
reloc 51 offset 669 [3669] HIGHLOW
reloc 52 offset 6e0 [36e0] HIGHLOW
reloc 53 offset 86c [386c] HIGHLOW
reloc 54 offset 8a1 [38a1] HIGHLOW
reloc 55 offset 8cf [38cf] HIGHLOW
reloc 56 offset 8db [38db] HIGHLOW
reloc 57 offset 8e8 [38e8] HIGHLOW
reloc 58 offset 8fa [38fa] HIGHLOW
reloc 59 offset 916 [3916] HIGHLOW
reloc 60 offset 98c [398c] HIGHLOW
reloc 61 offset 9c2 [39c2] HIGHLOW
reloc 62 offset a9b [3a9b] HIGHLOW
reloc 63 offset ae1 [3ae1] HIGHLOW
reloc 64 offset b68 [3b68] HIGHLOW
reloc 65 offset ba7 [3ba7] HIGHLOW
reloc 66 offset bef [3bef] HIGHLOW
reloc 67 offset c17 [3c17] HIGHLOW
reloc 68 offset c23 [3c23] HIGHLOW
reloc 69 offset c30 [3c30] HIGHLOW
reloc 70 offset c42 [3c42] HIGHLOW
reloc 71 offset db6 [3db6] HIGHLOW
reloc 72 offset dd8 [3dd8] HIGHLOW
reloc 73 offset dff [3dff] HIGHLOW
reloc 74 offset e0b [3e0b] HIGHLOW
reloc 75 offset e18 [3e18] HIGHLOW
reloc 76 offset e2a [3e2a] HIGHLOW
reloc 77 offset e32 [3e32] HIGHLOW
reloc 78 offset e5c [3e5c] HIGHLOW
reloc 79 offset ee4 [3ee4] HIGHLOW
reloc 80 offset f0b [3f0b] HIGHLOW
reloc 81 offset f17 [3f17] HIGHLOW
reloc 82 offset f24 [3f24] HIGHLOW
reloc 83 offset f36 [3f36] HIGHLOW
reloc 84 offset f43 [3f43] HIGHLOW
reloc 85 offset f56 [3f56] HIGHLOW
reloc 86 offset f68 [3f68] HIGHLOW
reloc 87 offset f6c [3f6c] HIGHLOW
reloc 88 offset f70 [3f70] HIGHLOW
reloc 89 offset f74 [3f74] HIGHLOW
reloc 90 offset f78 [3f78] HIGHLOW
reloc 91 offset f7c [3f7c] HIGHLOW
reloc 92 offset f80 [3f80] HIGHLOW
reloc 93 offset f84 [3f84] HIGHLOW
reloc 94 offset f88 [3f88] HIGHLOW
reloc 95 offset f8c [3f8c] HIGHLOW
reloc 96 offset f90 [3f90] HIGHLOW
reloc 97 offset f94 [3f94] HIGHLOW
reloc 98 offset f98 [3f98] HIGHLOW
reloc 99 offset f9c [3f9c] HIGHLOW
reloc 100 offset fa0 [3fa0] HIGHLOW
reloc 101 offset fa4 [3fa4] HIGHLOW
reloc 102 offset fa8 [3fa8] HIGHLOW
reloc 103 offset fac [3fac] HIGHLOW
reloc 104 offset fb0 [3fb0] HIGHLOW
reloc 105 offset fb4 [3fb4] HIGHLOW
reloc 106 offset fb8 [3fb8] HIGHLOW
reloc 107 offset fbc [3fbc] HIGHLOW
reloc 108 offset fc0 [3fc0] HIGHLOW
reloc 109 offset fc8 [3fc8] HIGHLOW
reloc 110 offset fdf [3fdf] HIGHLOW
reloc 111 offset fec [3fec] HIGHLOW
reloc 112 offset ff7 [3ff7] HIGHLOW
reloc 113 offset ffc [3ffc] HIGHLOW

Virtual Address: 00004000 Chunk size 316 (0x13c) Number of fixups 154
reloc 0 offset 13 [4013] HIGHLOW
reloc 1 offset 1b [401b] HIGHLOW
reloc 2 offset 26 [4026] HIGHLOW
reloc 3 offset 2f [402f] HIGHLOW
reloc 4 offset 34 [4034] HIGHLOW
reloc 5 offset 39 [4039] HIGHLOW
reloc 6 offset 3e [403e] HIGHLOW
reloc 7 offset 6a [406a] HIGHLOW
reloc 8 offset 76 [4076] HIGHLOW
reloc 9 offset 8d [408d] HIGHLOW
reloc 10 offset 9f [409f] HIGHLOW
reloc 11 offset a4 [40a4] HIGHLOW
reloc 12 offset b2 [40b2] HIGHLOW
reloc 13 offset bb [40bb] HIGHLOW
reloc 14 offset dd [40dd] HIGHLOW
reloc 15 offset ee [40ee] HIGHLOW
reloc 16 offset fb [40fb] HIGHLOW
reloc 17 offset 105 [4105] HIGHLOW
reloc 18 offset 110 [4110] HIGHLOW
reloc 19 offset 122 [4122] HIGHLOW
reloc 20 offset 12c [412c] HIGHLOW
reloc 21 offset 137 [4137] HIGHLOW
reloc 22 offset 146 [4146] HIGHLOW
reloc 23 offset 15e [415e] HIGHLOW
reloc 24 offset 16b [416b] HIGHLOW
reloc 25 offset 177 [4177] HIGHLOW
reloc 26 offset 182 [4182] HIGHLOW
reloc 27 offset 191 [4191] HIGHLOW
reloc 28 offset 1a6 [41a6] HIGHLOW
reloc 29 offset 1ab [41ab] HIGHLOW
reloc 30 offset 1b5 [41b5] HIGHLOW
reloc 31 offset 1d4 [41d4] HIGHLOW
reloc 32 offset 1d9 [41d9] HIGHLOW
reloc 33 offset 1f3 [41f3] HIGHLOW
reloc 34 offset 200 [4200] HIGHLOW
reloc 35 offset 244 [4244] HIGHLOW
reloc 36 offset 249 [4249] HIGHLOW
reloc 37 offset 258 [4258] HIGHLOW
reloc 38 offset 25d [425d] HIGHLOW
reloc 39 offset 26a [426a] HIGHLOW
reloc 40 offset 28b [428b] HIGHLOW
reloc 41 offset 298 [4298] HIGHLOW
reloc 42 offset 2bb [42bb] HIGHLOW
reloc 43 offset 2c1 [42c1] HIGHLOW
reloc 44 offset 2cc [42cc] HIGHLOW
reloc 45 offset 2d1 [42d1] HIGHLOW
reloc 46 offset 2e0 [42e0] HIGHLOW
reloc 47 offset 2f1 [42f1] HIGHLOW
reloc 48 offset 2fc [42fc] HIGHLOW
reloc 49 offset 308 [4308] HIGHLOW
reloc 50 offset 318 [4318] HIGHLOW
reloc 51 offset 32d [432d] HIGHLOW
reloc 52 offset 338 [4338] HIGHLOW
reloc 53 offset 349 [4349] HIGHLOW
reloc 54 offset 356 [4356] HIGHLOW
reloc 55 offset 368 [4368] HIGHLOW
reloc 56 offset 36e [436e] HIGHLOW
reloc 57 offset 378 [4378] HIGHLOW
reloc 58 offset 393 [4393] HIGHLOW
reloc 59 offset 3a5 [43a5] HIGHLOW
reloc 60 offset 3b5 [43b5] HIGHLOW
reloc 61 offset 3bd [43bd] HIGHLOW
reloc 62 offset 3ca [43ca] HIGHLOW
reloc 63 offset 3e8 [43e8] HIGHLOW
reloc 64 offset 3f8 [43f8] HIGHLOW
reloc 65 offset 400 [4400] HIGHLOW
reloc 66 offset 413 [4413] HIGHLOW
reloc 67 offset 433 [4433] HIGHLOW
reloc 68 offset 43e [443e] HIGHLOW
reloc 69 offset 44a [444a] HIGHLOW
reloc 70 offset 468 [4468] HIGHLOW
reloc 71 offset 46e [446e] HIGHLOW
reloc 72 offset 485 [4485] HIGHLOW
reloc 73 offset 492 [4492] HIGHLOW
reloc 74 offset 49d [449d] HIGHLOW
reloc 75 offset 4a2 [44a2] HIGHLOW
reloc 76 offset 4ab [44ab] HIGHLOW
reloc 77 offset 4c0 [44c0] HIGHLOW
reloc 78 offset 4d0 [44d0] HIGHLOW
reloc 79 offset 4d5 [44d5] HIGHLOW
reloc 80 offset 4e4 [44e4] HIGHLOW
reloc 81 offset 4f5 [44f5] HIGHLOW
reloc 82 offset 500 [4500] HIGHLOW
reloc 83 offset 50c [450c] HIGHLOW
reloc 84 offset 51c [451c] HIGHLOW
reloc 85 offset 52b [452b] HIGHLOW
reloc 86 offset 539 [4539] HIGHLOW
reloc 87 offset 54a [454a] HIGHLOW
reloc 88 offset 555 [4555] HIGHLOW
reloc 89 offset 56e [456e] HIGHLOW
reloc 90 offset 579 [4579] HIGHLOW
reloc 91 offset 57e [457e] HIGHLOW
reloc 92 offset 593 [4593] HIGHLOW
reloc 93 offset 5ac [45ac] HIGHLOW
reloc 94 offset 5b1 [45b1] HIGHLOW
reloc 95 offset 5c3 [45c3] HIGHLOW
reloc 96 offset 5cb [45cb] HIGHLOW
reloc 97 offset 5d5 [45d5] HIGHLOW
reloc 98 offset 5da [45da] HIGHLOW
reloc 99 offset 5e9 [45e9] HIGHLOW
reloc 100 offset 5ee [45ee] HIGHLOW
reloc 101 offset 5fd [45fd] HIGHLOW
reloc 102 offset 602 [4602] HIGHLOW
reloc 103 offset 611 [4611] HIGHLOW
reloc 104 offset 616 [4616] HIGHLOW
reloc 105 offset 62d [462d] HIGHLOW
reloc 106 offset 632 [4632] HIGHLOW
reloc 107 offset 637 [4637] HIGHLOW
reloc 108 offset 649 [4649] HIGHLOW
reloc 109 offset 64e [464e] HIGHLOW
reloc 110 offset 653 [4653] HIGHLOW
reloc 111 offset 665 [4665] HIGHLOW
reloc 112 offset 66a [466a] HIGHLOW
reloc 113 offset 66f [466f] HIGHLOW
reloc 114 offset 681 [4681] HIGHLOW
reloc 115 offset 686 [4686] HIGHLOW
reloc 116 offset 68b [468b] HIGHLOW
reloc 117 offset 698 [4698] HIGHLOW
reloc 118 offset 6a5 [46a5] HIGHLOW
reloc 119 offset 6b0 [46b0] HIGHLOW
reloc 120 offset 6b8 [46b8] HIGHLOW
reloc 121 offset 6c6 [46c6] HIGHLOW
reloc 122 offset 6cc [46cc] HIGHLOW
reloc 123 offset 6db [46db] HIGHLOW
reloc 124 offset 6e8 [46e8] HIGHLOW
reloc 125 offset 6f3 [46f3] HIGHLOW
reloc 126 offset 6f8 [46f8] HIGHLOW
reloc 127 offset 6fe [46fe] HIGHLOW
reloc 128 offset 703 [4703] HIGHLOW
reloc 129 offset 714 [4714] HIGHLOW
reloc 130 offset 738 [4738] HIGHLOW
reloc 131 offset 748 [4748] HIGHLOW
reloc 132 offset 74c [474c] HIGHLOW
reloc 133 offset 750 [4750] HIGHLOW
reloc 134 offset 754 [4754] HIGHLOW
reloc 135 offset 758 [4758] HIGHLOW
reloc 136 offset 75c [475c] HIGHLOW
reloc 137 offset 760 [4760] HIGHLOW
reloc 138 offset 765 [4765] HIGHLOW
reloc 139 offset 76c [476c] HIGHLOW
reloc 140 offset 772 [4772] HIGHLOW
reloc 141 offset 783 [4783] HIGHLOW
reloc 142 offset 78a [478a] HIGHLOW
reloc 143 offset 790 [4790] HIGHLOW
reloc 144 offset 7a1 [47a1] HIGHLOW
reloc 145 offset 7a8 [47a8] HIGHLOW
reloc 146 offset 7ae [47ae] HIGHLOW
reloc 147 offset 7bf [47bf] HIGHLOW
reloc 148 offset 7c6 [47c6] HIGHLOW
reloc 149 offset 7cc [47cc] HIGHLOW
reloc 150 offset 7dd [47dd] HIGHLOW
reloc 151 offset 7e4 [47e4] HIGHLOW
reloc 152 offset 7ea [47ea] HIGHLOW
reloc 153 offset 801 [4801] HIGHLOW

Virtual Address: 00005000 Chunk size 32 (0x20) Number of fixups 12
reloc 0 offset 20 [5020] HIGHLOW
reloc 1 offset 24 [5024] HIGHLOW
reloc 2 offset 28 [5028] HIGHLOW
reloc 3 offset 2c [502c] HIGHLOW
reloc 4 offset 30 [5030] HIGHLOW
reloc 5 offset 34 [5034] HIGHLOW
reloc 6 offset 38 [5038] HIGHLOW
reloc 7 offset 40 [5040] HIGHLOW
reloc 8 offset 44 [5044] HIGHLOW
reloc 9 offset 48 [5048] HIGHLOW
reloc 10 offset 88 [5088] HIGHLOW
reloc 11 offset c4 [50c4] HIGHLOW

Virtual Address: 00009000 Chunk size 20 (0x14) Number of fixups 6
reloc 0 offset 0 [9000] HIGHLOW
reloc 1 offset 4 [9004] HIGHLOW
reloc 2 offset 8 [9008] HIGHLOW
reloc 3 offset c [900c] HIGHLOW
reloc 4 offset 0 [9000] ABSOLUTE
reloc 5 offset 0 [9000] ABSOLUTE

Sections:
Idx Name Size VMA LMA File off Algn
0 CODE 0000387c 00401000 00401000 00000400 2**2
CONTENTS, ALLOC, LOAD, READONLY, CODE
1 DATA 000000c8 00405000 00405000 00003e00 2**2
CONTENTS, ALLOC, LOAD, DATA
2 BSS 00000000 00406000 00406000 00004000 2**2
CONTENTS
3 .idata 000005ea 00407000 00407000 00004000 2**2
CONTENTS, ALLOC, LOAD, DATA
4 .tls 00000000 00408000 00408000 00004600 2**2
CONTENTS
5 .rdata 00000018 00409000 00409000 00004600 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA, SHARED
6 .reloc 000003f4 0040a000 0040a000 00004800 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA, SHARED
7 .rsrc 0001e23c 0040b000 0040b000 00004c00 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA, SHARED

PeRdr by Frediano Ziglio. Build Dec 27 2007
++++++++++++++++++++++++ FILE HEADER INFORMATION +++++++++++++++++++++++++

TimeStamp: 2A425E19 Sat Jun 20 00:22:17 1992
Subsystem: 2 (Windows GUI)
Image Base: 00400000 Size: 0002A000
Code Base: 00001000 Size: 00003A00
Data Base: 00005000 Size: 0001F200
Entry Point: 00003FCC (file offset 000033CC)

++++++++++++++++++++++++++++++++ SECTIONS ++++++++++++++++++++++++++++++++

1: CODE RVA: 00001000 Offset: 00000400 Size: 00003A00 Flags: 60000020 (CER)
2: DATA RVA: 00005000 Offset: 00003E00 Size: 00000200 Flags: C0000040 (DRW)
3: BSS RVA: 00006000 Offset: 00004000 Size: 00000000 Flags: C0000000 (RW)
4: .idata RVA: 00007000 Offset: 00004000 Size: 00000600 Flags: C0000040 (DRW)
5: .tls RVA: 00008000 Offset: 00004600 Size: 00000000 Flags: C0000000 (RW)
6: .rdata RVA: 00009000 Offset: 00004600 Size: 00000200 Flags: 50000040 (DSR)
7: .reloc RVA: 0000A000 Offset: 00004800 Size: 00000400 Flags: 50000040 (DSR)
8: .rsrc RVA: 0000B000 Offset: 00004C00 Size: 0001E400 Flags: 50000040 (DSR)

++++++++++++++++++++++++++++++++ IMPORTS +++++++++++++++++++++++++++++++++

DLL: kernel32.dll
Addr: 000070A0 hint: 0(0000) Name: GetCurrentThreadId
Addr: 000070A4 hint: 0(0000) Name: GetLastError
Addr: 000070A8 hint: 0(0000) Name: ExitProcess
Addr: 000070AC hint: 0(0000) Name: WriteFile
Addr: 000070B0 hint: 0(0000) Name: SetFilePointer
Addr: 000070B4 hint: 0(0000) Name: SetEndOfFile
Addr: 000070B8 hint: 0(0000) Name: RtlUnwind
Addr: 000070BC hint: 0(0000) Name: ReadFile
Addr: 000070C0 hint: 0(0000) Name: RaiseException
Addr: 000070C4 hint: 0(0000) Name: GetStdHandle
Addr: 000070C8 hint: 0(0000) Name: GetFileSize
Addr: 000070CC hint: 0(0000) Name: GetSystemTime
Addr: 000070D0 hint: 0(0000) Name: GetFileType
Addr: 000070D4 hint: 0(0000) Name: CreateFileA
Addr: 000070D8 hint: 0(0000) Name: CloseHandle
Addr: 000070DC hint: 0(0000) Name: GetCommandLineA
Addr: 000070E0 hint: 0(0000) Name: TlsSetValue
Addr: 000070E4 hint: 0(0000) Name: TlsGetValue
Addr: 000070E8 hint: 0(0000) Name: LocalAlloc
Addr: 000070EC hint: 0(0000) Name: GetModuleHandleA
Addr: 000070F0 hint: 0(0000) Name: GetModuleFileNameA
Addr: 000070F4 hint: 0(0000) Name: FreeLibrary
Addr: 000070F8 hint: 0(0000) Name: HeapFree
Addr: 000070FC hint: 0(0000) Name: HeapReAlloc
Addr: 00007100 hint: 0(0000) Name: HeapAlloc
Addr: 00007104 hint: 0(0000) Name: GetProcessHeap

DLL: user32.dll
Addr: 0000710C hint: 0(0000) Name: CharNextA

DLL: oleaut32.dll
Addr: 00007114 hint: 0(0000) Name: SysFreeString
Addr: 00007118 hint: 0(0000) Name: SysReAllocStringLen

DLL: advapi32.dll
Addr: 00007120 hint: 0(0000) Name: RegSetValueExA
Addr: 00007124 hint: 0(0000) Name: RegOpenKeyA
Addr: 00007128 hint: 0(0000) Name: RegCloseKey

DLL: kernel32.dll
Addr: 00007130 hint: 0(0000) Name: WriteProcessMemory
Addr: 00007134 hint: 0(0000) Name: TerminateProcess
Addr: 00007138 hint: 0(0000) Name: Sleep
Addr: 0000713C hint: 0(0000) Name: SizeofResource
Addr: 00007140 hint: 0(0000) Name: SetThreadContext
Addr: 00007144 hint: 0(0000) Name: SetLastError
Addr: 00007148 hint: 0(0000) Name: SetFilePointer
Addr: 0000714C hint: 0(0000) Name: ResumeThread
Addr: 00007150 hint: 0(0000) Name: ReadProcessMemory
Addr: 00007154 hint: 0(0000) Name: ReadFile
Addr: 00007158 hint: 0(0000) Name: LockResource
Addr: 0000715C hint: 0(0000) Name: LoadResource
Addr: 00007160 hint: 0(0000) Name: GetThreadContext
Addr: 00007164 hint: 0(0000) Name: GetProcAddress
Addr: 00007168 hint: 0(0000) Name: GetModuleHandleA
Addr: 0000716C hint: 0(0000) Name: GetFileSize
Addr: 00007170 hint: 0(0000) Name: GetFileAttributesA
Addr: 00007174 hint: 0(0000) Name: GetEnvironmentVariableA
Addr: 00007178 hint: 0(0000) Name: FreeResource
Addr: 0000717C hint: 0(0000) Name: FindResourceA
Addr: 00007180 hint: 0(0000) Name: ExitProcess
Addr: 00007184 hint: 0(0000) Name: DeleteFileA
Addr: 00007188 hint: 0(0000) Name: CreateProcessA
Addr: 0000718C hint: 0(0000) Name: CreateFileA
Addr: 00007190 hint: 0(0000) Name: CopyFileA
Addr: 00007194 hint: 0(0000) Name: CloseHandle

DLL: shell32.dll
Addr: 0000719C hint: 0(0000) Name: ShellExecuteA
Addr: 000071A0 hint: 0(0000) Name: FindExecutableA

DLL: ntdll.dll
Addr: 000071A8 hint: 0(0000) Name: RtlDecompressBuffer

String
YZXu
tSVW
t:VW
SVWU
C<"u1S
Q<"u8S
7CF;
7CF;
]_^[
Ht Ht.
QSVW
_^[Y]
r/f=
w)f%
v)f=
SVWR
w%9
~ExC[)
2_^[
YYZX
SVWU
]_^[
SVWU
]_^[
SVWU
]_^[
SVWU
]_^[
;_^[
SVWRP
Z_^[X
It1S
t&J|
N|*9
t1SVW
;_^[
PSVW
_^[X
_^[X
SVWU
]_^[
]_^[
SVWU
]_^[
]_^[
USVW1
_^[]
ZYYd
UhQ*@
ZYYd
hX*@
ZYYd
%(q@
%$q@
% q@
%|q@
%xq@
%tq@
%pq@
%lq@
%hq@
%dq@
%`q@
%\q@
%Xq@
%Tq@
%Pq@
%Lq@
%Hq@
%Dq@
%@q@
%<q@
%8q@
%4q@
%0q@
ZYYd
ZYYd
ZYYd
SVW3
Uh).@
ZYYd
h0.@
ZYYd
Uh)0@
ZYYd
h00@
_^[YY]
ZYYd
a7qmt
untF_nctions
QQQQQQSVW
Uh43@
ZYYd
h;3@
Uh84@
ZYYd
h?4@
Uhm4@
ZYYd
ht4@
u jx
VirtualAllocEx
kernel32.dll
hl5@
u jx
VirtualProtectEx
kernel32.dll
ZwUnmapViewOfSection
ntdll.dll
Uh!6@
ZYYd
h(6@
ZYYd
ZYYd
ZYYd
ZYYd
ZYYd
Uhu;@
$3T$
CFOu
ZYYd
h|;@
ZYYd
Uh5<@
ZYYd
h<<@
SVWU
F;t$
]_^[
QSVW
_^[Y]
SVWU
]_^[
ZYYd
ZYYd
h$>@
ZYYd
_^[YY]
Uh)?@
ZYYd
h0?@
Uh[?@
ZYYd
hb?@
h<H@
hHH@
h$n@
PhPH@
=xo@
=xo@
=to@
5to@
h<H@
PhPH@
=to@
5to@
h<H@
ZYYd
.exe
open
SystemRoot
kernel32.dll
GetCurrentThreadId
GetLastError
ExitProcess
WriteFile
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetSystemTime
GetFileType
CreateFileA
CloseHandle
GetCommandLineA
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
user32.dll
CharNextA
oleaut32.dll
SysFreeString
SysReAllocStringLen
advapi32.dll
RegSetValueExA
RegOpenKeyA
RegCloseKey
kernel32.dll
WriteProcessMemory
TerminateProcess
Sleep
SizeofResource
SetThreadContext
SetLastError
SetFilePointer
ResumeThread
ReadProcessMemory
ReadFile
LockResource
LoadResource
GetThreadContext
GetProcAddress
GetModuleHandleA
GetFileSize
GetFileAttributesA
GetEnvironmentVariableA
FreeResource
FindResourceA
ExitProcess
DeleteFileA
CreateProcessA
CreateFileA
CopyFileA
CloseHandle
shell32.dll
ShellExecuteA
FindExecutableA
ntdll.dll
RtlDecompressBuffer
0&0.060>0F0N0V0^0f0n0v0~0
1/181J1b1
2B4+5T5[5b526G6z6
8D9K9\9h9
<"<1<7<E<U<h<r<v<|<
=,=D=_=~=
5Z8a8n8
9#9)9-9<9f9
:3:?:L:^:k:w:
;&;.;6;>;F;N;V;^;f;n;v;~;
0N0\0
0@1L1T1
1%2E2l2
3"3p3~3
3+4O4[4h4z4
5!51575]5
6.6:6i6
<#<0<B<
>*>2>\>
?$?6?C?V?h?l?p?t?x?|?
0&0/04090>0j0v0
1"1,171F1^1k1w1
2D2I2X2]2j2
3-383I3V3h3n3x3
434>4J4h4n4
5+595J5U5n5y5~5
6-62676I6N6S6e6j6o6
787H7L7P7T7X7\7`7e7l7r7
0$0(0,0004080@0D0H0
wwwwwwwwwwwwww
wwwwwwwwwwwwww
DDDDDDDDD@
DDDDDDDDDGpw
DDDDDDDDDGpw
DDDDDDDDDDDDDD
wwwwwwwwwwwwww
DDDDDD
wwwwww
&=O8
@RP,_5;c8|
P)\1
^O(?y|
}c(q
C$Og
juSR
*F"n
'54{M
l+:UO
E7e0YD_
TFk;b
!rw!b]t-
y\~#
`-kf?
uFQ$
Q`Oq*
t1Jo!8P
.ncH
IknP
|+OR
UQAt
CIYV
Shtm,Y
$^q<
q1~0
~(kq
FAGG
#}/h6
Fh7<
m I j6R
.Ng]
nT'A
(eo)
O`CM4
V2X[
f\!eLkI
ICS6_$
$x+i
kwmn
N&@y
TzW7
LAz;Jt`@
%%]t
6*+i
^TK%
<b>(vUyn
&N]6f
iv>Q')a
E$Z@K>
Kwio
Yj.S
;w@{
w,04D
]8*s
-GG|
oejzE+
cABVf
8(zPB
BiV
k]evOz
l5U`
IKg
,5:3
#_}R\
xy{C
@z&8
hE+Z.
|.&"
Qt)*W
daCMn
e^C7
!%yY
1G2Ej
ingo
$hVi\/$x
i#=Sv
,ST@V
Yxl,
_{\)
7>_u
`]lc:
AR8+
7OP<
siVM
xQGM+
kNJs
l-iH
Xk A
>|_#
?A&'t
7t-m
d" T
-^d!O
k)oD&T!
}Z=I
wG\@7
#4E]
7 9%
-w4|E8
Q="E
SXeR
r? Y
bEo|
OWzU
,xY1
(DA.
:F{!
RV!_
"Cb;KFw
e p>
}H2G
TV ^=
y wU>
&Wkn
JTnx
*.=Z k0qr{
[Q.-
&)?o
TIf8E
!o1N
_ TH
i8<
>TgJ
{ld h!
omWr
vSd&}
q<^qD
>-^#
l*5h
cN"/l
+O{$WW
'x=P
OD[1h
d4e2d
J2!9
+H[|
+~&R
g`O- G
r!>V
L@mK
7\dlNT
mV$w
zlAh[
_JR-w
z H[gb6$
<_d(
gFd+
N@:RL=@
y<JN
A%S9
=;jU
V~}]2
b {n
&jy::
pd/o8g!
u"72
j-/O
@Tf6
O)$&
gYe8
6)Vl
\Aqf
# yP
0+ d
>YHZv
V#rM
'NEW
e^TY
#OV?
Sphy
1(r
Itz:
?%?W
I=k9
PCus
at(`
S!Nq
{x1"
4}rr
,1g7Cnh
ijRs
0<%B
:<l9V
b$D:
czC2
9.M'
pRif3
bcR/
HC)- D
m12@
JagfT
RXB.
>4-Q#
akqR
.)v,
IuN|~
SlOJ
\`'iw
U6 3
7-_#d
d:9$
{VQ}
f}#[y{
bJdM(
SL|j
nW#~]
i*;d
t|U[
Z{Zp
IijK
w6ix
{f\f
0<@W
G`Pm
86WA`
i+]-
LtP-
`vj(F*
5Fa;:
xW%y
~7:lF
%4Wx2
UQA]
\g!tj1
d#N5
,cR?
Cop/
"F
M;1t
>0Z1d;E
QAOX
X&'pI
oW t!%N
n-#I3
*tSZ
pWHFH
FXW0
$8S}8
^({"]
}E<s
,#gX
c{#x
$EQ4|
3\6,
}lQ7;4
]{a- /
rH,.
(x(7
N{'^
ku3
#R"Hi
<oM-5
@gf>A
%j*E?
iBp^u
6*kq
rVC3
hMV>
h8(Pjw3
J!6Nk
LczT
mg8c'
k&<L$
Y;e#-U
]M1L
t+3.
{NnW
`V}&
(<I5
jPnz5V6p|
De<]
6\7s]D
E1#)
B['a/O
055t ^u
.?Dt!
odI'
C,rf
w|~%a
F Nz.
u)96
@%]"
$|ya
V]\D
|XTid
lp&q8\
T&bo
ik4>
DNY
YtB[
^]+RF
{Ywg
BI2X@r
5NWA
yQ3b@
.hc@Z!
p*z:
=Ywj
53meo
x1&7
K&e]
ge]!
^n^;/
F`}T
[u:3Xa
HQxH
dZ`G
d 0{
.H"]
{Ql!
iw`"
"x|
am't
T309
lj]x8p
mKig<
Cyg9
cf!:
?~J-r
K[{`
o`/m
!3Q5*YW
W*zG
- a
8=yH
bTM!
@+|u
:g'WK=
zVCE
Q2o6
l.7HM
V{h@
hyOyC
gaj ^:26
s5 s
#$K-$
HJbL
0aLNY
7 .1
H_j/u
D^L:k
IZUy
=I1t
" /7j
Zy5]
l`Z~
~@]8
gx $^
4?fjT
/0b[.
,?h94F
,'gV9
q,>I
h <3
)=(F
YVF#6
gh*mp
qR$L
[7 o
|dyp
Gd!`k
cLD%
Syew
JiLP
tDcqdK2
P8-d
fwN#
FUy8>'
avz`Wz
g]>:
[<bH
+a9V
=`F"
SHf /
aJE&
=|pAp
M=DO
Ei#X
'6S Xi
]zv>
CMmE
spWq"
Zc`>'
C!(G
^#i?
vl9b
#}Bd|y
1CBXgh
&z=4k
"MR|
FGp&
ZM!W(
@5:}
Z5XJpl
0jXt
tykfB
>7[
.~&7p
jIL*
Y_=rL
0BjOY
Z^X7
f&S^~yg
7s3M
k=aB
J0^-
z:zsN
7wKQ
36"Z
s;g|
DVE|
kj>{
{"|.
BF#qU~
/n1]
guIp3
`$\V
>9l'
O`4w
'<??P
`u~'$
I?!_`
T&g2
%|9-
BY+t
d@x[
`IiRP=
-vOk
<6,.;J)
?:_;yK
McMQ
RW2 Y?
:lOfm
wK5k
B@'Z
qE 4
B=`]D
IZji{73w
Lb*b
_@l(\
v4~j
hF< ;
(]P^C
whAq
@]yK
P%Dn!
Vv[%
s x
V'J!
K%g
bc>Z
6OE*
8-fD-
Q$~o
Y_Eb
@LeJ
s,n.
bc&L~
j|ew5
;{&]B
f[W$J8
VEQy
Mo/|'~
2fpyc
q2,k
L!K"
=SE3
KFx+fy
E<;3}
9~r:J-
$\5Q
pRh
Tf4%
D8BjnR
deS'P+
|sUV
a:t^
CBEfQ
6 o,
FY?#F
'S?F
r~Ndv
[A6)
=$:=(
gS~0
TBv~
hA{.
N4{o
DwQZ
FQmM&b
O#&C
!k^B
:~P
/+}5
poh>
g/Uo
v{j`
33Yp
yF6j
Lw~x
1R\Wp
ZZ!NG
*zfyxX
>v9-
K0Q4
Q}2S%
zIp|
& @mx+IF
z@1I
z~YA
IO5j
Y#!B
Z2x[9q
UWe!
xJL/
3>9r
ioB$L
''M9
Pr;(
.|=7]T
daM~
afpX
y)QG$L.
6|S`
*)&xn*
Rw\R
dRTU
&!z"A
NA7/
:GXqx_q
079Zcn
914Z
uX0l
pj[c
\yXe8
L<J7V
<.!u
>hBj:w
#@^T
G0!dfi
EOO?
KZp#
2G(N
=dPe
7\/$
Dz)f=&e
onf
l6F(I
b}t$gDF
*`\h
?OB:
"0 Ay
BigH
%T$|I
rpY2
LDq!
(M61+L
[\C<6
"j\ck
FG07
Y9k6U
c0v&
3.5wv
wo%%
$XZh<
A]w[
|6$9
w>a&
.|a@|
y8oyQ{*
pWAOt
APN/u"]
_L65
}S )
.ix[
v+,u
4:H<;
5 u2c2j
B._5W
);H)
]*o7
*64E
5rdY?
\_h|
>hsR
dpf
aBo1
Q~,W
2 m}pgb
L}(M
2D'SI
if^_
cph4
Cq;R0su1
(0Ehb
7f[9
<<7%?J
Y<20
{*)t
C-zf
\%:O
'u:gD`
0fJ-
D9l]
K#rw
5Gw'
i7 M
1 ip
e?z`
20tQtTQ=
q0#jo
yMbA
i|`Ne
<D6A
gcOz_7
VnjL
MVzc/
Y*kt~
[<}Y
[<Qe$
;s+ N`
K7C!
UJA
{ih&0
zKp9DC
WS 2
[\*y
%I`f
~Q2.
p\%2
f[\R
MT,+
EM9B
UYjb
w ~}0
Oc)'
XC0qC8
JD,_i
T?$K
d@FO]z
[)\f{
%^8Qp
.8<!%'_9{
r#8N
7$5F
^RJg
JcB+
?K#&
[(<ll|
WyRmR
}'[#
>~Ac
0f8C
BHh}
U~hu
/ED9]
f#4("
#t_M
wss0
RPVRnK^w
=^at
6MO
jCx(
oU[P
1 d;
yX"=7L{
Yi&)'"Y7
'e=X9$
c3LhY
V]g(JX\
[)a3
;X=4R
STZq`
>i
f\0B
KxPr
U&#Q
- ,>
;i|C
&5F7&
0:gd
t3FY
8gKK
$tx<
Y\1DQw
Happ9
(r#82u[R
p9Ps)
fo2.
]TnT
vH^"
-s+/R
nkIE
d>aQ
'Y!;
jjn3
>yGA
PY|E
;Cij
,NY7
r4+b
[MP(
VGv5;6
-inxt
IlLg
2%:y
pXd2
]ef4
-2{D
W^/D&
SM5j
$y]4&
Kt.M
RpX\
Dzo7
S1IC
u*`w
e~}
WC,/
U`@5
:3yt
% #|
oxNR}
A%WpLl
Yw6c
.0#q
p_ [<
v O8
c?,W
e=Hw
IOCS
C02;
~%wY
Ps;f
4JX7
]pDJm2
_4}B
nUi*
t>Y8\
29h\#Ol
lQy8
:z;R
~2}h
d`nP
8{X[
.Qwcu?j_
}00B
C^_Hx
I1%K
C7\C!
])s(6:
WS`~
Z?LfCc
HGkS
lzR{j
i#`z
O46*
<1_z
G2'
{L_-
k%J@8
3d t
myl"
GgUYtk
ub(J
54Q1
g5~s5
bL[9E
N>%rO
{d<^
)XM*
{k{A
iGYy
qwar
~B{*
lfn
w5v'
:Ov{
e^Pnu
(4g<x
[C+9
%U,S
G|j4P
_G"J
IMlC8Y
S-@O,
)Oni
e?qc
gmZi
hJ}<
D%FR_
B`csd
Qk"L
\s2H
w_SJ
g*J/kRL
`,GM
cCuX_
hBP5qh
|-IC?G
O1t P
THBU
<$*UJJ
%h @
+Ap
N?.5
,8nBP
{N+ad
%[yZR
`G[x
??A)
|MMi
Rqa~
XJJK
rb&<
Rz5@
#3gs)
b0<+
fdsc
2<!e
f#F=
Q'>"
l$ l|
7+g=
3 fx
mD`m7H
l=[V
r~o&Tb
E: ,G^~
xr:_
;=E:#
FG0I
\EQ?
GnRe
Qkj.
8\h`f
{H|T
.6N@@$(
SzQ7
a/ $
:}9Q
+"p%
S95RZM
m_'q
/Umka6/-
i-]e
a]&@
s4gG
[RfN
>[sJ
}j_X}
?Ro\
8HZO
J_`6
{&n/8
O$vM
EQNC
Uf&N
Riub
J<ci
Us9t
vc>/
S~\j
6-KS
"_ZV
5;&C.3
)Y%V
~UVqy-
vE`|
]MvM
vUK#Ki
,Hl3J$
0(^+y
$O}+
2DXo
,07l
L)Lu
-nwg
?3Xs
<;?+('s
EpyQ
T#M#`
",5|
k7;:S
n|/Y
RHo&
8RhS
?^:K
Ag:^F
hHg_
8_]Q{
tyw,
+%!9W
-7p)f
nRbx
7ljs
+I{\p3
2Xu[
_[v}'
SZ^P0v
wc:r
r7&mK1t
'P!Y
0Ay>
77'o
fmv r:+
Z!&"
(yc'
wUbS
5loJ3+
'yi=
:|.Z
xK<{
Oz2TE
~;H{aV
rc[G
oOZ>
xLT9)
{+%,
X5J?
F9Le
?K6ZN%Go
PwwP
=1<j
v#x]
B2rA
)~vR#x
JQ=%/
pfq&
'`VR
v#>W&
C?F}jH}
x:cb
cOoO
gvMy7
!E*P
\&"O
k93#_'
pK}
V>qHb
h$5*|
}*~d
+'qyb
n>?oU
DtU+fCO
o.$*
c6eW~sd
8zb-n
j@yU6
ERpw
gmg ~
`n;#t
QcUr
Fx!
#D .
Tliec
_ban
B?-,
2/z9{
QU&~
L$2]
bclW
7vyD
n$OC'
wbn9x
&GE(J
'->|4
hw-~8}
[^K:
5N(L*
#D.;
h*5.
{zD?yn
pwjH
rj}/
l7GE~
JW)I
~OG7
JMw}
a2ef
Eorf
JG'6
bM 6X
q,3]l99
&<yLV
.\NH
U]i~x
8al9
\*?h
cr(^$:
R jy$N:j
?|E,jl{/
Wo"'X
CD=]
Xg]iC
;t]c
Bwj|E
M>,As
VNu>.
?!lv9
hHTp
P]Al;9%FO;
o||]
EJr+R
V$-!
uV;_fd
fnF1
4L$f
tp-07
]Ht(
9tDK
evY1XdAp-
xRfJv
yg]/
5XV4
t70?
eUx7
g)u-
VobN$
HuoDg*
] s+
/` l;
vwpp
BXIt
9?|L
=oa.^
?aJ+
*bm67
3U~m
nlL&
_.Z*d
2679
'WHWJ
3#@$
~+g*
Aa~/
NY{L
\R{\
iyPa
hGgC
tPk$
[ca(-s
QE4}
{Pl:QD
/ !
B`eki
_lXfF
woMW
NVT:
8GKL
E[SA
x@[F
@mb>
y&?1i
tT(O
B"<R
wByU
?7 t
Q<z4pf
(zT{
iJD!
D0$n
=rh:y
*S&;U
Wp*x
~|Fm
Z&Rse
qtq>
Del#,c
AF^B
x,LB
$8<0
N/bt
^CiZg
$ cu@
%$(.
$\mV
OZDH^
x%fJ@
zO h
E.S(k
Kj\,
!*6$C'
m|Zs
P"?}
H)1w
KD#k
`[^d2X
XPr~
aj&G{.
+Xp~P
: a!2|
B7/Y
)FX7RH
c_t'
3;m;
e;9y<
6z@I
H7t\P
x{#?
eg(q}
:@$J
aeRs#OJ
xKRS
O/(X$
?fSv)
`g-c
g|>T
S4EA
Yy~E
bto<T
8Dr^
SCJ)+
DW=@
<#x^
BMTRS
hM1CP
8G??
V;?>o
6w"y^
'U2&
+8qYgyO}Z
r]YG
Mfw9
`3qo:o
(.n(
>0!U
",1c
UjxP
2SXi+bW{
x& l
'*FO
)0pj
+&Br
Ektt
W0Rv
9ucR
_v;{
cz0O>
7hZgK
<#"l,q
&V?4
m\(%
0x<W
>vT/
A*(K
kU:N
%[9Nq
~j!9
v ;~j
{[nc
4&UJ
NwK;
eM2aJ
p.1
e'p&
A_ph
ItH?H
S<{m
X;8l;
WyUBy
$eos
P?[D~
[k}N
gfHj
6,dY
Q.J#
OV3u
Xta*
5QA
M>>G
*>V;
zDn#
_!d|:?|
CJtL#M
jvS/
{a]i
sp7_z
08Il[
&38r
h$T0A
"Dk/
K;j]
'Ua6
o}do
Og;t
]\Bc
g^?>Z:'z
;]W\E
]x_.mf>@
jGV}t
7OJ8
cdEQ
"]1vm
yIwQS
82EN
GAL"
6 ,O(+
K@[n
V3sv
^L s
^c(c
vpxN
mj}b`
<4df
1Kx$=
[lz{
DJ7u0
`g]t
U.ra
fl2P^
aX7UM
3{_e
dZ#o
9TC}
c;J(
gq 1
@\}Q
%5Oo
C&v9^
7,mV
2@p<}
`OF8iQ
oC=^
j J~
P]/V
/dp2
(!{]%
nW0,5
tWU$(P[
CA~s
nM(l
@0YY
"%Mq]
yKorh
$@:6
wrVBc/Y%
0&a*
+-fq
+P<
Je\2
Bp+QS
hQm#
If{2
f>>lRO
F2E3
,t6v`
$+n6G
RbW`2C
!^=a^>7
I%K&
i'$3
<|}Q
i7VI
- Z
F=.;W
Q-<?~
>s$kK
9P?/
V~BK
.on5
dgQZ
=1LTh
L/N{"
7liJ
;;jh
C[xa
0g>n
<1cvE
&2bq|s
5\OG
K)t6n
5-'O
bRT
-(3j
oD`t
X(Y-
{VmG%
~.<3
n5UG
S8ch
2qd@
I>PW
lky2q
?XL;%
dqq0
1:hwM
X`7tqI
0C$-
vb9=
yWj\
glrM
"To,Q
)"S@
I?8<
HvCTd4
Cq(#
tE5X
iQA9
sV;bG
I<yo
o,oe
XWdt
-ie-r
&?cR
}|$^
}Y%$SJ/'
&f`9
k33u
}/ng
00*XC
E^W|P
uR\:
IczBH
EFRSN
==~M
Q/Wl
q/ =m
%!2}
GY{!
"4#V
!*|2
78k&
_[>s
qz,.U
fZq
pckdv
9*,]
rrP5b
KWn_
4}'f
mB@t
] '?F
eHd
_25X
` %iI
y_,By
__"*6`
a7LTs
~{cE
R)%h?o
G~&(
.N<L/ 3
Jm^y^
F:+f
IKDrJS
''b5
JX2;
#c8`R
vQ:,
C'`My
?>-$
Os<5
i.i2
F1Qb
P4L,!
.Yg@
.pLQ<
2%ss$
8b1r>d
YT~F
N^4T
*I6W
dU/b
z\HB\-&)
%U3"
b,/Xl
Ob'e
=nVxS
/h,e
yMea
Ri=i2
3-{a
qZ*M
&MEKzPno
6G}8
<M?6
~BOuT
De}>
9;glo*
<xg;G
.;qJ
ziKyz
NS1-
DQ}&4
gyT3
]n[h|
N)mH
8HUIJh
pv}/
Wn]P
zLIU9x
EpsfFJ
`."8
+?h`
Orhn
i+uej
|?wu2-
g[xD
-qA5
'K.>
<2nQ
-7Hsm
M2I$
f525
^G5E
Ie7#TC
*d&:]
,?i~
}@^3
#(OJ
3gIp
[84O6s
KFU6,
/ZN@T
@@Z@
@x_q
HWz!
V_KI^
Z]YmKE
ONM/9
mJe=
9e)P
y4d:Q
j@`s
1B'(
eS^=
nL2sr
nK]E
U~(0M_
}dw>/
("L
(@L&
pi06
Qn-$
|{T0
ZFZp~?
2%v=
?VLtN
-QCk
YukQ93i
.qC:
P#L=]
YQ*X
<,[t
?"08
rucw
~mAD
l-<U
^TaQ5i
*ddv
F zp
PFoKD
OM3/
@*MU
I_*6)
PbB"<Z
}R8#aF;t
W":w<
$.yt
Jz5)Uyy<
v5.r
f$]5M
%b9 xk?W
,9Vp
*|V{
*Kmx
%%4o_K
:"kh
dStub
ntddk
KWindows
System
SysInit
UTypes
retCompress
kRC4
PxOR
runmem
untF_nctions
*ShellAPI
NBQBEC
200507.exe
;oKXwp8`X7