Analysis Date2014-10-31 16:33:27
MD5ef009d342271495b1fd0311979e8007d
SHA105c319899da7556caa96507a52bee1f17fb33937

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: ab889e67761d08bcb5ef08949832bddf sha1: d0338aff873718ae474c9954afa040ec3cb8303d size: 323584
Section.rdata md5: 4168901b2fb82d63582b338fa208320d sha1: a6cfdb7e4f80cf85b5c73bf3b6b71c57e9457498 size: 53760
Section.data md5: a7a2c77be7d496ac17fdcd0cc66f2338 sha1: 170e90f84c098762ab25e2cb4cf02dd28c5faa02 size: 8192
Section.rsrc md5: cb816b9c01da2030edbda3a6f2f8c526 sha1: 929f68a17a30da763ca90ce93b4a53cf07c7797a size: 20992
Section.reloc md5: e98670b1fcef1b9f4a848d8cd2166779 sha1: 0060cbef089eb110e6d64665822e63ed1300aee5 size: 17408
Timestamp2014-04-17 16:26:16
VersionLegalCopyright: 2013
InternalName: trnrt
FileVersion: 3, 3, 17, 0
CompanyName: SPC LLC
LegalTrademarks: -
Comments: An
ProductName: SuperCharging
ProductVersion: 3, 3, 17, 0
FileDescription: DWD
PackerMicrosoft Visual C++ ?.?
PEhash8044911c89a6949d0952b45ba7f2be487749c44f
IMPhash8caab0a5d71069396109bb1c469e39e9
AV360 Safeno_virus
AVAd-Awareno_virus
AVAlwil (avast)no_virus
AVArcabit (arcavir)no_virus
AVAuthentiumW32/A-3006e021!Eldorado
AVAvira (antivir)no_virus
AVBullGuardno_virus
AVCA (E-Trust Ino)no_virus
AVCAT (quickheal)no_virus
AVClamAVno_virus
AVDr. Webno_virus
AVEmsisoftno_virus
AVEset (nod32)no_virus
AVFortinetno_virus
AVFrisk (f-prot)no_virus
AVF-Secureno_virus
AVGrisoft (avg)no_virus
AVIkarusPUA.4Shared
AVK7Unwanted-Program ( 0040f8dc1 )
AVKasperskyno_virus
AVMalwareBytesno_virus
AVMcafeeno_virus
AVMicrosoft Security EssentialsError Scanning File
AVMicroWorld (escan)no_virus
AVNormanno_virus
AVRisingno_virus
AVSophosno_virus
AVSymantecno_virus
AVTrend Microno_virus
AVVirusBlokAda (vba32)Downloader.GetFaster

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\UNT2.tmp
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\UNTA.tmp
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\UNT1.tmp
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\UNT3.tmp
Creates File\Device\Afd\AsyncConnectHlp
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\UNT4.tmp
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\UNT5.tmp
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\UNT8.tmp
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\UNT7.tmp
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\UNT6.tmp
Creates FileC:\Documents and Settings\Administrator\Desktop\slot machine - \\xe0\\xb9\\x80\\xe0\\xb8\\xab\\xe0\\xb8\\x99\\xe0\\xb8\\xb7\\xe0\\xb9\\x88\\xe0\\xb8\\xad\\xe0\\xb8\\xa2\\xe0\\xb8\\x9a\\xe0\\xb9\\x89...ficial lyrics video].mp3
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\UNT9.tmp
Creates File\Device\Afd\Endpoint
Deletes FileC:\Documents and Settings\Administrator\Desktop\slot machine - \\xe0\\xb9\\x80\\xe0\\xb8\\xab\\xe0\\xb8\\x99\\xe0\\xb8\\xb7\\xe0\\xb9\\x88\\xe0\\xb8\\xad\\xe0\\xb8\\xa2\\xe0\\xb8\\x9a\\xe0\\xb9\\x89...ficial lyrics video].mp3
Winsock DNSdownloadget.net
Winsock DNSwww.adshost2.com
Winsock DNSdc727.4shared.com
Winsock DNStrack.getportal.net

Process
↳ C:\Program Files\Internet Explorer\iexplore.exe

RegistryHKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window_Placement ➝
NULL
RegistryHKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Locked ➝
1
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Cookies\index.dat
Creates FilePIPE\lsarpc
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Mutex_SHuassist.mtx
Creates MutexShell.CMruPidlList

Network Details:

DNSdownloadget.net
Type: A
162.159.244.192
DNSdownloadget.net
Type: A
162.159.245.192
DNSdownloadget.net
Type: A
162.159.244.192
DNSdownloadget.net
Type: A
162.159.245.192
DNSdownloadget.net
Type: A
162.159.244.192
DNSdownloadget.net
Type: A
162.159.245.192
DNSdownloadget.net
Type: A
162.159.244.192
DNSdownloadget.net
Type: A
162.159.245.192
DNSwww.adshost2.com
Type: A
68.233.228.234
DNSwww.adshost2.com
Type: A
74.50.103.39
DNStrack.getportal.net
Type: A
178.162.201.18
DNSdc727.4shared.com
Type: A
199.101.134.183
HTTP GEThttp://downloadget.net/smart-download/67010200066/bundle.exe?bundleorigin=4300107
User-Agent: UniversalUserAgent(winHTTP)
HTTP GEThttp://downloadget.net/smart-download/67020103066/bundle.exe?bundleorigin=4300107
User-Agent: UniversalUserAgent(winHTTP)
HTTP GEThttp://downloadget.net/smart-download/67230100/bundle.exe?bundleorigin=4300107
User-Agent: UniversalUserAgent(winHTTP)
HTTP GEThttp://downloadget.net/smart-download/67703200/bundle.exe?bundleorigin=4300107
User-Agent: UniversalUserAgent(winHTTP)
HTTP GEThttp://www.adshost2.com/at?subId=MjA0ODJ8NTMzMTB8VEh8M3wxfHw%7C828950dd04129dce6d6f577b378d6f3d
User-Agent: UniversalUserAgent(winHTTP)
HTTP GEThttp://track.getportal.net/trackcnt/Kvg48RpSKKFNkW8e/?data=L4300107
User-Agent: UniversalUserAgent(winHTTP)
HTTP GEThttp://track.getportal.net/trackcnt/Kvg48RpSKKFNkW8e/?data=BDB7703200O4300107
User-Agent: UniversalUserAgent(winHTTP)
HTTP GEThttp://track.getportal.net/trackcnt/Kvg48RpSKKFNkW8e/?data=BDB7230100O4300107
User-Agent: UniversalUserAgent(winHTTP)
HTTP GEThttp://track.getportal.net/trackcnt/Kvg48RpSKKFNkW8e/?data=BDB7020103066O4300107
User-Agent: UniversalUserAgent(winHTTP)
HTTP GEThttp://track.getportal.net/trackcnt/Kvg48RpSKKFNkW8e/?data=BDB7010200066O4300107
User-Agent: UniversalUserAgent(winHTTP)
HTTP GEThttp://track.getportal.net/trackcnt/Kvg48RpSKKFNkW8e/?data=BDE7010200066O4300107ER404
User-Agent: UniversalUserAgent(winHTTP)
HTTP GEThttp://track.getportal.net/trackcnt/Kvg48RpSKKFNkW8e/?data=BDE7020103066O4300107ER404
User-Agent: UniversalUserAgent(winHTTP)
HTTP GEThttp://track.getportal.net/trackcnt/Kvg48RpSKKFNkW8e/?data=BDE7703200O4300107ER404
User-Agent: UniversalUserAgent(winHTTP)
HTTP GEThttp://track.getportal.net/trackcnt/Kvg48RpSKKFNkW8e/?data=BDE7230100O4300107ER404
User-Agent: UniversalUserAgent(winHTTP)
HTTP GEThttp://www.adshost2.com/at?subId=MjA0ODJ8NTMzMTB8VEh8M3wxfHw%7Ce9f343f6aab8c39450641c67d80f8c57
User-Agent: UniversalUserAgent(winHTTP)
HTTP GEThttp://track.getportal.net/trackcnt/Kvg48RpSKKFNkW8e/?data=M4300107
User-Agent: UniversalUserAgent(winHTTP)
HTTP GEThttp://dc727.4shared.com/download/MdUHb1xjba?tsid=20140421-113503-9d08f350&forDownloadHelper=true&lgfp=11000&dsid=9ea4xf.01f299e76230d77b15c7d3bd009c6cb9&sbsr=68aeeb8ea27024835c98e575330f356e451c0a1867183949
User-Agent: UniversalUserAgent(winHTTP)
HTTP GEThttp://track.getportal.net/trackcnt/Kvg48RpSKKFNkW8e/?data=E4300107
User-Agent: UniversalUserAgent(winHTTP)
Flows TCP192.168.1.1:1037 ➝ 162.159.244.192:80
Flows TCP192.168.1.1:1038 ➝ 162.159.244.192:80
Flows TCP192.168.1.1:1035 ➝ 162.159.244.192:80
Flows TCP192.168.1.1:1036 ➝ 162.159.244.192:80
Flows TCP192.168.1.1:1039 ➝ 68.233.228.234:80
Flows TCP192.168.1.1:1040 ➝ 178.162.201.18:80
Flows TCP192.168.1.1:1041 ➝ 178.162.201.18:80
Flows TCP192.168.1.1:1042 ➝ 178.162.201.18:80
Flows TCP192.168.1.1:1043 ➝ 178.162.201.18:80
Flows TCP192.168.1.1:1044 ➝ 178.162.201.18:80
Flows TCP192.168.1.1:1045 ➝ 178.162.201.18:80
Flows TCP192.168.1.1:1046 ➝ 178.162.201.18:80
Flows TCP192.168.1.1:1047 ➝ 178.162.201.18:80
Flows TCP192.168.1.1:1048 ➝ 178.162.201.18:80
Flows TCP192.168.1.1:1049 ➝ 68.233.228.234:80
Flows TCP192.168.1.1:1050 ➝ 178.162.201.18:80
Flows TCP192.168.1.1:1051 ➝ 199.101.134.183:80
Flows TCP192.168.1.1:1052 ➝ 178.162.201.18:80

Raw Pcap
0x00000000 (00000)   47455420 2f736d61 72742d64 6f776e6c   GET /smart-downl
0x00000010 (00016)   6f61642f 36373031 30323030 3036362f   oad/67010200066/
0x00000020 (00032)   62756e64 6c652e65 78653f62 756e646c   bundle.exe?bundl
0x00000030 (00048)   656f7269 67696e3d 34333030 31303720   eorigin=4300107 
0x00000040 (00064)   48545450 2f312e31 0d0a436f 6f6b6965   HTTP/1.1..Cookie
0x00000050 (00080)   3a200d0a 55736572 2d416765 6e743a20   : ..User-Agent: 
0x00000060 (00096)   556e6976 65727361 6c557365 72416765   UniversalUserAge
0x00000070 (00112)   6e742877 696e4854 5450290d 0a486f73   nt(winHTTP)..Hos
0x00000080 (00128)   743a2064 6f776e6c 6f616467 65742e6e   t: downloadget.n
0x00000090 (00144)   65740d0a 436f6e6e 65637469 6f6e3a20   et..Connection: 
0x000000a0 (00160)   4b656570 2d416c69 76650d0a 0d0a       Keep-Alive....

0x00000000 (00000)   47455420 2f736d61 72742d64 6f776e6c   GET /smart-downl
0x00000010 (00016)   6f61642f 36373032 30313033 3036362f   oad/67020103066/
0x00000020 (00032)   62756e64 6c652e65 78653f62 756e646c   bundle.exe?bundl
0x00000030 (00048)   656f7269 67696e3d 34333030 31303720   eorigin=4300107 
0x00000040 (00064)   48545450 2f312e31 0d0a436f 6f6b6965   HTTP/1.1..Cookie
0x00000050 (00080)   3a200d0a 55736572 2d416765 6e743a20   : ..User-Agent: 
0x00000060 (00096)   556e6976 65727361 6c557365 72416765   UniversalUserAge
0x00000070 (00112)   6e742877 696e4854 5450290d 0a486f73   nt(winHTTP)..Hos
0x00000080 (00128)   743a2064 6f776e6c 6f616467 65742e6e   t: downloadget.n
0x00000090 (00144)   65740d0a 436f6e6e 65637469 6f6e3a20   et..Connection: 
0x000000a0 (00160)   4b656570 2d416c69 76650d0a 0d0a       Keep-Alive....

0x00000000 (00000)   47455420 2f736d61 72742d64 6f776e6c   GET /smart-downl
0x00000010 (00016)   6f61642f 36373730 33323030 2f62756e   oad/67703200/bun
0x00000020 (00032)   646c652e 6578653f 62756e64 6c656f72   dle.exe?bundleor
0x00000030 (00048)   6967696e 3d343330 30313037 20485454   igin=4300107 HTT
0x00000040 (00064)   502f312e 310d0a43 6f6f6b69 653a200d   P/1.1..Cookie: .
0x00000050 (00080)   0a557365 722d4167 656e743a 20556e69   .User-Agent: Uni
0x00000060 (00096)   76657273 616c5573 65724167 656e7428   versalUserAgent(
0x00000070 (00112)   77696e48 54545029 0d0a486f 73743a20   winHTTP)..Host: 
0x00000080 (00128)   646f776e 6c6f6164 6765742e 6e65740d   downloadget.net.
0x00000090 (00144)   0a436f6e 6e656374 696f6e3a 204b6565   .Connection: Kee
0x000000a0 (00160)   702d416c 6976650d 0a0d0a              p-Alive....

0x00000000 (00000)   47455420 2f736d61 72742d64 6f776e6c   GET /smart-downl
0x00000010 (00016)   6f61642f 36373233 30313030 2f62756e   oad/67230100/bun
0x00000020 (00032)   646c652e 6578653f 62756e64 6c656f72   dle.exe?bundleor
0x00000030 (00048)   6967696e 3d343330 30313037 20485454   igin=4300107 HTT
0x00000040 (00064)   502f312e 310d0a43 6f6f6b69 653a200d   P/1.1..Cookie: .
0x00000050 (00080)   0a557365 722d4167 656e743a 20556e69   .User-Agent: Uni
0x00000060 (00096)   76657273 616c5573 65724167 656e7428   versalUserAgent(
0x00000070 (00112)   77696e48 54545029 0d0a486f 73743a20   winHTTP)..Host: 
0x00000080 (00128)   646f776e 6c6f6164 6765742e 6e65740d   downloadget.net.
0x00000090 (00144)   0a436f6e 6e656374 696f6e3a 204b6565   .Connection: Kee
0x000000a0 (00160)   702d416c 6976650d 0a0d0a              p-Alive....

0x00000000 (00000)   47455420 2f61743f 73756249 643d4d6a   GET /at?subId=Mj
0x00000010 (00016)   41304f44 4a384e54 4d7a4d54 42385645   A0ODJ8NTMzMTB8VE
0x00000020 (00032)   68384d33 77786648 77253743 38323839   h8M3wxfHw%7C8289
0x00000030 (00048)   35306464 30343132 39646365 36643666   50dd04129dce6d6f
0x00000040 (00064)   35373762 33373864 36663364 20485454   577b378d6f3d HTT
0x00000050 (00080)   502f312e 310d0a43 6f6f6b69 653a200d   P/1.1..Cookie: .
0x00000060 (00096)   0a557365 722d4167 656e743a 20556e69   .User-Agent: Uni
0x00000070 (00112)   76657273 616c5573 65724167 656e7428   versalUserAgent(
0x00000080 (00128)   77696e48 54545029 0d0a486f 73743a20   winHTTP)..Host: 
0x00000090 (00144)   7777772e 61647368 6f737432 2e636f6d   www.adshost2.com
0x000000a0 (00160)   0d0a436f 6e6e6563 74696f6e 3a204b65   ..Connection: Ke
0x000000b0 (00176)   65702d41 6c697665 0d0a0d0a            ep-Alive....

0x00000000 (00000)   47455420 2f747261 636b636e 742f4b76   GET /trackcnt/Kv
0x00000010 (00016)   67343852 70534b4b 464e6b57 38652f3f   g48RpSKKFNkW8e/?
0x00000020 (00032)   64617461 3d4c3433 30303130 37204854   data=L4300107 HT
0x00000030 (00048)   54502f31 2e310d0a 436f6f6b 69653a20   TP/1.1..Cookie: 
0x00000040 (00064)   0d0a5573 65722d41 67656e74 3a20556e   ..User-Agent: Un
0x00000050 (00080)   69766572 73616c55 73657241 67656e74   iversalUserAgent
0x00000060 (00096)   2877696e 48545450 290d0a48 6f73743a   (winHTTP)..Host:
0x00000070 (00112)   20747261 636b2e67 6574706f 7274616c    track.getportal
0x00000080 (00128)   2e6e6574 0d0a436f 6e6e6563 74696f6e   .net..Connection
0x00000090 (00144)   3a204b65 65702d41 6c697665 0d0a0d0a   : Keep-Alive....
0x000000a0 (00160)   0d0a436f 6e6e6563 74696f6e 3a204b65   ..Connection: Ke
0x000000b0 (00176)   65702d41 6c697665 0d0a0d0a            ep-Alive....

0x00000000 (00000)   47455420 2f747261 636b636e 742f4b76   GET /trackcnt/Kv
0x00000010 (00016)   67343852 70534b4b 464e6b57 38652f3f   g48RpSKKFNkW8e/?
0x00000020 (00032)   64617461 3d424442 37373033 3230304f   data=BDB7703200O
0x00000030 (00048)   34333030 31303720 48545450 2f312e31   4300107 HTTP/1.1
0x00000040 (00064)   0d0a436f 6f6b6965 3a200d0a 55736572   ..Cookie: ..User
0x00000050 (00080)   2d416765 6e743a20 556e6976 65727361   -Agent: Universa
0x00000060 (00096)   6c557365 72416765 6e742877 696e4854   lUserAgent(winHT
0x00000070 (00112)   5450290d 0a486f73 743a2074 7261636b   TP)..Host: track
0x00000080 (00128)   2e676574 706f7274 616c2e6e 65740d0a   .getportal.net..
0x00000090 (00144)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x000000a0 (00160)   2d416c69 76650d0a 0d0a6f6e 3a204b65   -Alive....on: Ke
0x000000b0 (00176)   65702d41 6c697665 0d0a0d0a            ep-Alive....

0x00000000 (00000)   47455420 2f747261 636b636e 742f4b76   GET /trackcnt/Kv
0x00000010 (00016)   67343852 70534b4b 464e6b57 38652f3f   g48RpSKKFNkW8e/?
0x00000020 (00032)   64617461 3d424442 37323330 3130304f   data=BDB7230100O
0x00000030 (00048)   34333030 31303720 48545450 2f312e31   4300107 HTTP/1.1
0x00000040 (00064)   0d0a436f 6f6b6965 3a200d0a 55736572   ..Cookie: ..User
0x00000050 (00080)   2d416765 6e743a20 556e6976 65727361   -Agent: Universa
0x00000060 (00096)   6c557365 72416765 6e742877 696e4854   lUserAgent(winHT
0x00000070 (00112)   5450290d 0a486f73 743a2074 7261636b   TP)..Host: track
0x00000080 (00128)   2e676574 706f7274 616c2e6e 65740d0a   .getportal.net..
0x00000090 (00144)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x000000a0 (00160)   2d416c69 76650d0a 0d0a6f6e 3a204b65   -Alive....on: Ke
0x000000b0 (00176)   65702d41 6c697665 0d0a0d0a            ep-Alive....

0x00000000 (00000)   47455420 2f747261 636b636e 742f4b76   GET /trackcnt/Kv
0x00000010 (00016)   67343852 70534b4b 464e6b57 38652f3f   g48RpSKKFNkW8e/?
0x00000020 (00032)   64617461 3d424442 37303230 31303330   data=BDB70201030
0x00000030 (00048)   36364f34 33303031 30372048 5454502f   66O4300107 HTTP/
0x00000040 (00064)   312e310d 0a436f6f 6b69653a 200d0a55   1.1..Cookie: ..U
0x00000050 (00080)   7365722d 4167656e 743a2055 6e697665   ser-Agent: Unive
0x00000060 (00096)   7273616c 55736572 4167656e 74287769   rsalUserAgent(wi
0x00000070 (00112)   6e485454 50290d0a 486f7374 3a207472   nHTTP)..Host: tr
0x00000080 (00128)   61636b2e 67657470 6f727461 6c2e6e65   ack.getportal.ne
0x00000090 (00144)   740d0a43 6f6e6e65 6374696f 6e3a204b   t..Connection: K
0x000000a0 (00160)   6565702d 416c6976 650d0a0d 0a204b65   eep-Alive.... Ke
0x000000b0 (00176)   65702d41 6c697665 0d0a0d0a            ep-Alive....

0x00000000 (00000)   47455420 2f747261 636b636e 742f4b76   GET /trackcnt/Kv
0x00000010 (00016)   67343852 70534b4b 464e6b57 38652f3f   g48RpSKKFNkW8e/?
0x00000020 (00032)   64617461 3d424442 37303130 32303030   data=BDB70102000
0x00000030 (00048)   36364f34 33303031 30372048 5454502f   66O4300107 HTTP/
0x00000040 (00064)   312e310d 0a436f6f 6b69653a 200d0a55   1.1..Cookie: ..U
0x00000050 (00080)   7365722d 4167656e 743a2055 6e697665   ser-Agent: Unive
0x00000060 (00096)   7273616c 55736572 4167656e 74287769   rsalUserAgent(wi
0x00000070 (00112)   6e485454 50290d0a 486f7374 3a207472   nHTTP)..Host: tr
0x00000080 (00128)   61636b2e 67657470 6f727461 6c2e6e65   ack.getportal.ne
0x00000090 (00144)   740d0a43 6f6e6e65 6374696f 6e3a204b   t..Connection: K
0x000000a0 (00160)   6565702d 416c6976 650d0a0d 0a204b65   eep-Alive.... Ke
0x000000b0 (00176)   65702d41 6c697665 0d0a0d0a            ep-Alive....

0x00000000 (00000)   47455420 2f747261 636b636e 742f4b76   GET /trackcnt/Kv
0x00000010 (00016)   67343852 70534b4b 464e6b57 38652f3f   g48RpSKKFNkW8e/?
0x00000020 (00032)   64617461 3d424445 37303130 32303030   data=BDE70102000
0x00000030 (00048)   36364f34 33303031 30374552 34303420   66O4300107ER404 
0x00000040 (00064)   48545450 2f312e31 0d0a436f 6f6b6965   HTTP/1.1..Cookie
0x00000050 (00080)   3a200d0a 55736572 2d416765 6e743a20   : ..User-Agent: 
0x00000060 (00096)   556e6976 65727361 6c557365 72416765   UniversalUserAge
0x00000070 (00112)   6e742877 696e4854 5450290d 0a486f73   nt(winHTTP)..Hos
0x00000080 (00128)   743a2074 7261636b 2e676574 706f7274   t: track.getport
0x00000090 (00144)   616c2e6e 65740d0a 436f6e6e 65637469   al.net..Connecti
0x000000a0 (00160)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000b0 (00176)   0d0a2d41 6c697665 0d0a0d0a            ..-Alive....

0x00000000 (00000)   47455420 2f747261 636b636e 742f4b76   GET /trackcnt/Kv
0x00000010 (00016)   67343852 70534b4b 464e6b57 38652f3f   g48RpSKKFNkW8e/?
0x00000020 (00032)   64617461 3d424445 37303230 31303330   data=BDE70201030
0x00000030 (00048)   36364f34 33303031 30374552 34303420   66O4300107ER404 
0x00000040 (00064)   48545450 2f312e31 0d0a436f 6f6b6965   HTTP/1.1..Cookie
0x00000050 (00080)   3a200d0a 55736572 2d416765 6e743a20   : ..User-Agent: 
0x00000060 (00096)   556e6976 65727361 6c557365 72416765   UniversalUserAge
0x00000070 (00112)   6e742877 696e4854 5450290d 0a486f73   nt(winHTTP)..Hos
0x00000080 (00128)   743a2074 7261636b 2e676574 706f7274   t: track.getport
0x00000090 (00144)   616c2e6e 65740d0a 436f6e6e 65637469   al.net..Connecti
0x000000a0 (00160)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000b0 (00176)   0d0a2d41 6c697665 0d0a0d0a            ..-Alive....

0x00000000 (00000)   47455420 2f747261 636b636e 742f4b76   GET /trackcnt/Kv
0x00000010 (00016)   67343852 70534b4b 464e6b57 38652f3f   g48RpSKKFNkW8e/?
0x00000020 (00032)   64617461 3d424445 37373033 3230304f   data=BDE7703200O
0x00000030 (00048)   34333030 31303745 52343034 20485454   4300107ER404 HTT
0x00000040 (00064)   502f312e 310d0a43 6f6f6b69 653a200d   P/1.1..Cookie: .
0x00000050 (00080)   0a557365 722d4167 656e743a 20556e69   .User-Agent: Uni
0x00000060 (00096)   76657273 616c5573 65724167 656e7428   versalUserAgent(
0x00000070 (00112)   77696e48 54545029 0d0a486f 73743a20   winHTTP)..Host: 
0x00000080 (00128)   74726163 6b2e6765 74706f72 74616c2e   track.getportal.
0x00000090 (00144)   6e65740d 0a436f6e 6e656374 696f6e3a   net..Connection:
0x000000a0 (00160)   204b6565 702d416c 6976650d 0a0d0a0a    Keep-Alive.....
0x000000b0 (00176)   0d0a2d41 6c697665 0d0a0d0a            ..-Alive....

0x00000000 (00000)   47455420 2f747261 636b636e 742f4b76   GET /trackcnt/Kv
0x00000010 (00016)   67343852 70534b4b 464e6b57 38652f3f   g48RpSKKFNkW8e/?
0x00000020 (00032)   64617461 3d424445 37323330 3130304f   data=BDE7230100O
0x00000030 (00048)   34333030 31303745 52343034 20485454   4300107ER404 HTT
0x00000040 (00064)   502f312e 310d0a43 6f6f6b69 653a200d   P/1.1..Cookie: .
0x00000050 (00080)   0a557365 722d4167 656e743a 20556e69   .User-Agent: Uni
0x00000060 (00096)   76657273 616c5573 65724167 656e7428   versalUserAgent(
0x00000070 (00112)   77696e48 54545029 0d0a486f 73743a20   winHTTP)..Host: 
0x00000080 (00128)   74726163 6b2e6765 74706f72 74616c2e   track.getportal.
0x00000090 (00144)   6e65740d 0a436f6e 6e656374 696f6e3a   net..Connection:
0x000000a0 (00160)   204b6565 702d416c 6976650d 0a0d0a0a    Keep-Alive.....
0x000000b0 (00176)   0d0a2d41 6c697665 0d0a0d0a            ..-Alive....

0x00000000 (00000)   47455420 2f61743f 73756249 643d4d6a   GET /at?subId=Mj
0x00000010 (00016)   41304f44 4a384e54 4d7a4d54 42385645   A0ODJ8NTMzMTB8VE
0x00000020 (00032)   68384d33 77786648 77253743 65396633   h8M3wxfHw%7Ce9f3
0x00000030 (00048)   34336636 61616238 63333934 35303634   43f6aab8c3945064
0x00000040 (00064)   31633637 64383066 38633537 20485454   1c67d80f8c57 HTT
0x00000050 (00080)   502f312e 310d0a43 6f6f6b69 653a200d   P/1.1..Cookie: .
0x00000060 (00096)   0a557365 722d4167 656e743a 20556e69   .User-Agent: Uni
0x00000070 (00112)   76657273 616c5573 65724167 656e7428   versalUserAgent(
0x00000080 (00128)   77696e48 54545029 0d0a486f 73743a20   winHTTP)..Host: 
0x00000090 (00144)   7777772e 61647368 6f737432 2e636f6d   www.adshost2.com
0x000000a0 (00160)   0d0a436f 6e6e6563 74696f6e 3a204b65   ..Connection: Ke
0x000000b0 (00176)   65702d41 6c697665 0d0a0d0a            ep-Alive....

0x00000000 (00000)   47455420 2f747261 636b636e 742f4b76   GET /trackcnt/Kv
0x00000010 (00016)   67343852 70534b4b 464e6b57 38652f3f   g48RpSKKFNkW8e/?
0x00000020 (00032)   64617461 3d4d3433 30303130 37204854   data=M4300107 HT
0x00000030 (00048)   54502f31 2e310d0a 436f6f6b 69653a20   TP/1.1..Cookie: 
0x00000040 (00064)   0d0a5573 65722d41 67656e74 3a20556e   ..User-Agent: Un
0x00000050 (00080)   69766572 73616c55 73657241 67656e74   iversalUserAgent
0x00000060 (00096)   2877696e 48545450 290d0a48 6f73743a   (winHTTP)..Host:
0x00000070 (00112)   20747261 636b2e67 6574706f 7274616c    track.getportal
0x00000080 (00128)   2e6e6574 0d0a436f 6e6e6563 74696f6e   .net..Connection
0x00000090 (00144)   3a204b65 65702d41 6c697665 0d0a0d0a   : Keep-Alive....
0x000000a0 (00160)   0d0a436f 6e6e6563 74696f6e 3a204b65   ..Connection: Ke
0x000000b0 (00176)   65702d41 6c697665 0d0a0d0a            ep-Alive....

0x00000000 (00000)   47455420 2f646f77 6e6c6f61 642f4d64   GET /download/Md
0x00000010 (00016)   55486231 786a6261 3f747369 643d3230   UHb1xjba?tsid=20
0x00000020 (00032)   31343034 32312d31 31333530 332d3964   140421-113503-9d
0x00000030 (00048)   30386633 35302666 6f72446f 776e6c6f   08f350&forDownlo
0x00000040 (00064)   61644865 6c706572 3d747275 65266c67   adHelper=true&lg
0x00000050 (00080)   66703d31 31303030 26647369 643d3965   fp=11000&dsid=9e
0x00000060 (00096)   61347866 2e303166 32393965 37363233   a4xf.01f299e7623
0x00000070 (00112)   30643737 62313563 37643362 64303039   0d77b15c7d3bd009
0x00000080 (00128)   63366362 39267362 73723d36 38616565   c6cb9&sbsr=68aee
0x00000090 (00144)   62386561 32373032 34383335 63393865   b8ea27024835c98e
0x000000a0 (00160)   35373533 33306633 35366534 35316330   575330f356e451c0
0x000000b0 (00176)   61313836 37313833 39343920 48545450   a1867183949 HTTP
0x000000c0 (00192)   2f312e31 0d0a436f 6f6b6965 3a200d0a   /1.1..Cookie: ..
0x000000d0 (00208)   55736572 2d416765 6e743a20 556e6976   User-Agent: Univ
0x000000e0 (00224)   65727361 6c557365 72416765 6e742877   ersalUserAgent(w
0x000000f0 (00240)   696e4854 5450290d 0a486f73 743a2064   inHTTP)..Host: d
0x00000100 (00256)   63373237 2e347368 61726564 2e636f6d   c727.4shared.com
0x00000110 (00272)   0d0a436f 6e6e6563 74696f6e 3a204b65   ..Connection: Ke
0x00000120 (00288)   65702d41 6c697665 0d0a0d0a 67656e74   ep-Alive....gent
0x00000130 (00304)   2877696e 48545450 290d0a48 6f73743a   (winHTTP)..Host:
0x00000140 (00320)   20747261 636b2e67 6574706f 7274616c    track.getportal
0x00000150 (00336)   2e6e6574 0d0a436f 6e6e6563 74696f6e   .net..Connection
0x00000160 (00352)   3a204b65 65702d41 6c697665 0d0a0d0a   : Keep-Alive....
0x00000170 (00368)   0d0a436f 6e6e6563 74696f6e 3a204b65   ..Connection: Ke
0x00000180 (00384)   65702d41 6c697665 0d0a0d0a            ep-Alive....

0x00000000 (00000)   47455420 2f747261 636b636e 742f4b76   GET /trackcnt/Kv
0x00000010 (00016)   67343852 70534b4b 464e6b57 38652f3f   g48RpSKKFNkW8e/?
0x00000020 (00032)   64617461 3d453433 30303130 37204854   data=E4300107 HT
0x00000030 (00048)   54502f31 2e310d0a 436f6f6b 69653a20   TP/1.1..Cookie: 
0x00000040 (00064)   0d0a5573 65722d41 67656e74 3a20556e   ..User-Agent: Un
0x00000050 (00080)   69766572 73616c55 73657241 67656e74   iversalUserAgent
0x00000060 (00096)   2877696e 48545450 290d0a48 6f73743a   (winHTTP)..Host:
0x00000070 (00112)   20747261 636b2e67 6574706f 7274616c    track.getportal
0x00000080 (00128)   2e6e6574 0d0a436f 6e6e6563 74696f6e   .net..Connection
0x00000090 (00144)   3a204b65 65702d41 6c697665 0d0a0d0a   : Keep-Alive....
0x000000a0 (00160)   35373533 33306633 35366534 35316330   575330f356e451c0
0x000000b0 (00176)   61313836 37313833 39343920 48545450   a1867183949 HTTP
0x000000c0 (00192)   2f312e31 0d0a436f 6f6b6965 3a200d0a   /1.1..Cookie: ..
0x000000d0 (00208)   55736572 2d416765 6e743a20 556e6976   User-Agent: Univ
0x000000e0 (00224)   65727361 6c557365 72416765 6e742877   ersalUserAgent(w
0x000000f0 (00240)   696e4854 5450290d 0a486f73 743a2064   inHTTP)..Host: d
0x00000100 (00256)   63373237 2e347368 61726564 2e636f6d   c727.4shared.com
0x00000110 (00272)   0d0a436f 6e6e6563 74696f6e 3a204b65   ..Connection: Ke
0x00000120 (00288)   65702d41 6c697665 0d0a0d0a 67656e74   ep-Alive....gent
0x00000130 (00304)   2877696e 48545450 290d0a48 6f73743a   (winHTTP)..Host:
0x00000140 (00320)   20747261 636b2e67 6574706f 7274616c    track.getportal
0x00000150 (00336)   2e6e6574 0d0a436f 6e6e6563 74696f6e   .net..Connection
0x00000160 (00352)   3a204b65 65702d41 6c697665 0d0a0d0a   : Keep-Alive....
0x00000170 (00368)   0d0a436f 6e6e6563 74696f6e 3a204b65   ..Connection: Ke
0x00000180 (00384)   65702d41 6c697665 0d0a0d0a            ep-Alive....


Strings
...
...
....
..
....
 
 
CC
.00-+ 00-+ 
0
\
-
 
.
-E-
-0
-0010+-0
0
-000...........?- 
0
0
0
0
DuTW
000004b0
%%%02X
"123 you ag123ree to 
2013
3, 3, 17, 0
400 Bad Request
401 Unauthorized
403 Forbidden
404 Not Found
408 Request Timeout
500 Internal Server Error
502 Bad Gateway
503 Service Unavailable
504 Gateway Timeout
a([a-zA-Z0-9])
ABORT_CONFIRMATION
Accept: */*
_All_Ctrls_Orig_Proc_
alwaysrunas
 and 
AppID
APPLICATION_NAME
Are you sure you want to abort download?
B123y c123licking "
b([ \t])
_Btn_Is_Checked_
button
Cancel
Cannot download file from:
Cannot download file, URL is empty.
Cannot download from
Cannot download the requested files.
c([a-zA-Z])
Change
charset={[A-Za-z0-9\-_]+}
_Class_Pointer_Property_
CLSID
Comments
CompanyName
Component Categories
Content-Length: 
Content-Length: {[0-9]+}
Content-Type: application/x-www-form-urlencoded
_Control_Color_
Cookie: 
Cz([0-9]+)
d([0-9])
Delete
Dialog
Download Directory
Downloading...
 Do you want to continue?
edit
Ejjh
Ejjjjjjjjjjjjj
#empty
Empty URL
English
equal
eula
.exe
Fast download app
file
FileDescription
FileType
FileVersion
folder
ForceRemove
                                 H
         (((((                  H
h([0-9a-fA-F])
h123ttp://down123load-faster.net/error.jsp?msg=downloadhelperxmlnotfound
Hardware
         h((((                  H
{<html[^\>]*>.*<body[^\>]*>.*<\/body>.*<\/html>.*}
%i%%
IDC_MAIN_BUTTON_DOWNLOAD
IDC_MAIN_TEXT_DOWNLOAD_DST
IDC_MAIN_TEXT_INTRO
IDC_MAIN_TEXT_REQUESTED_FILE_PRE
IDC_PROGRESS_TEXT_FILENAME
Ignore and continue
Interface
InternalName
Invalid DateTime
Invalid DateTimeSpan
%i%% - %s
jjjj
jjjjj
jjjjjjjjj
KERNEL32.DLL
_Label_Original_Proc_
_Lbl_Background_Color_
LegalCopyright
LegalTrademarks
License Agreement
Location: {[A-Za-z0-9\-_%+*:;/.=?&]+}
Location of the downloaded file:
Mime
mscoree.dll
msctls_progress32
MS Shell Dlg
ndefault
NoRemove
(null)
open
openas
openasfile
Open file
policy
POST
Privacy Policy
ProductName
ProductVersion
q("[^"]*")|('[^']*')
Quit
Range: bytes=%i-
renameto_
\r\n
runas
SECURITY
Select target dir..
Server answered: 
Set-Cookie:\b*{.+?}\n
shell32.dll
Show
Show in Explorer
Skip
SkipAll
Software
Software\Microsoft\Internet Explorer
SPC LLC
static
StringFileInfo
substring
SuperCharging
SYSTEM
Translation
trnrt
TypeLib
Unexpected network error
Unexpected network error, cannot download %s
UniversalUserAgent(winHTTP)
URL: 
utf-8
VarFileInfo
VS_VERSION_INFO
w([a-zA-Z]+)
wGET
                          
0 0$0(0,0004080<0@0D0H0L0P0T0X0\0`0d0p0z0
(0,0004080<0@0D0H0L0P0T0X0\0`0d0h0l0p0t0x0|0
0$0(0,040L0\0`0p0t0x0|0
0$0,040<0D0L0T0\0d0l0t0|0
00080<0D0L0T0h0p0t0|0
0 0+0B0N0[0b0
0,040<0H0h0p0x0
0$080D0L0d0p0
*0:0d0
0!101?1G1g2y2
010M0b0
/0(1;1
0%111:1H1W1r1
#0>1]1q1z1
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
0*1E1`1{1
0-1F1U1Z1{1
0@1M1l1y1
; ;$;(;0;4;
040D0H0X0\0l0p0t0x0
:$:(:,:0:4:8:<:@:
< <$<(<,<0<4<8<<<@<D<H<L<P<T<`<d<h<l<p<t<x<|<
= =$=(=,=0=4=8=<=@=D=H=L=P=T=X=\=`=d=h=l=p=t=x=|=
> >$>(>,>0>4>8><>@>D>H>L>P>T>X>\>`>d>h>l>p>t>x>|>
< <0<4<8<<<L<P<T<X<h<l<p<t<
051C1e1
0(7;7$8
? ?(?0?8?@?
080<0@0
= =(=0=8=@=H=P=X=`=h=p=x=
> >(>0>8>@>H>P>X>`>h>p>x>
:(:0:8:@:H:T:t:
0a2o2?3_3l3
0A@@Ju
:0:<:D:\:|:
0d3h3l3p3t3
?,?0?@?D?H?L?T?l?|?
;0;d;m;
;0;<;D;t;
+0H0~0
? ?$?(?0?H?L?d?h?
 0j0{0
@0L0b0
<0<P<p<
:0:P:p:
0SSSSS
:#:0:T:
=$=0=T=\=d=l=x=
<0===V=
0WWWWW
0X1x1h2
0:yO_LG
101<1D1t1
102A3q4
110503070000Z
1(1,10181P1`1d1t1x1|1
1*111_1u1
1 1$14181H1L1\1`1d1l1
#11171Q1V1e1n1{1
1(141<1l1
1$1D1`1|1
1:1P1r1
1"2*262
1)262@2N2W2a2
1=3J3n3
140410145045Z
141H1T1\1
142M2_2
161>1V1g1
161230073353Z0c1
181D1d1p1
=!=&=1=9=B=Y=m=w=
1B2I2_2f2w2
;1<C<a<
:&:1:<:D:c:r:w:
1e2,353
1joE|b=z
1N3[3Z5g5
1#QNAN
1#SNAN
202<2D2t2
203K3n3
2$20282T2t2
2 2$2(2,2024282@4D4H4L4P4T4X4\4`4d4h4l4p4t4x4|4
2 2$2(2,20282P2T2l2p2
2$2,282\2h2
2)242X2a2h2q2
2"262=2C2Q2X2]2f2s2y2
2 282H2L2\2`2d2l2
2,282X2`2h2p2x2
2#2A2_2}2
2(2A2W2z2
2?2I2]2
2%3*3/343D3s3
2$343H3\3h3p3
2$383D3L3d3p3
2;3H3n3!404L4
2<4j5}5Y7
;!;-;2;7;=;A;G;L;R;W;f;|;
?#?2?A?P?_?n?}?
2k3z3e4T5
2x4X5!6R6h6
<(<3<]<
?&?3?:?
30343L3P3h3x3|3
303D3P3X3t3|3
310503070000Z0
3,303@3D3H3P3h3x3|3
3&313Y3}3
3 3$3(3
3$3,343<3D3L3T3\3d3l3t3|3
3 3,383D3P3[3
3)3;3O3
3(3;3S3e3
3;3H3'464
3,3L3p3
3 454d4
3 4H4h4
3,4k4t4
375I5v5
?#?)?3?B?a?~?
3C5P5Z6`6i6
3D4T4h4|4
3E5S5[5h5
=,=3===g=u={=
:$:):3:>:h:
?3?O?d?
3p4t4x4|4
;3;Q;~;
=3=Q=X=\=`=d=h=l=p=t=
3R4a4]5k5
3R6a6y6}8
3X4l4s4
41484K4R4e4l4
424A4N4Z4j4q4
4(4,40484P4`4d4t4x4|4
4#4*4/4
444@4d4l4t4|4
444D4H4X4\4`4h4
4"454<4O4V4{4
4.454L4a4
4<4P4\4d4
4-5_5>7|7
4	5.5J5
4"5H507W9[9_9c9g9k9o9s9
4 5s5y5
4"5U5d5m5
484D4d4p4
<$<4<8<H<L<P<T<\<t<
;4;8;H;l;x;
?$?,?4?@?d?
>$>,>4><>D>L>T>\>d>l>
;4;<;D;L;T;\;d;l;t;|;
=$=,=4=<=D=L=T=\=d=l=x=
;$;,;4;<;D;L;T;\;d;p;
<$<,<4<<<D<L<T<\<h<
4G4b4p4
=$>4>H>\>h>p>
4http://certificates.godaddy.com/repository/gdig2.crt0
4HUaR)
;|<4=K>Y>n>
>4Q4:5
4X5d5w5
51m1}1
525>5e5r5w5
545D5H5X5\5d5|5
5 5(515;5J5y5
5 5$5(5,5054585<5@5D5H5L5P5T5X5\5`5d5h5l5p5t5x5|5
5(5,5<5@5H5`5p5t5
5 5@5H5P5\5|5
5$5:5P5m5
5,5-7A7
5,585\5|5
5(5d5x5
5;5h5r5z5
5=5n5u5~5
5&656\6*7
5-6F6Y6r6
:';,;5;:;C;P;[;d;{;
5D5X5d5l5
>!>,>5>:>E>T>f>t>
5h>l>p>t>
>5>Q>f>
>)>5?r?
5U6Z6b6
646@6|6
658?9N9
6,646@6`6h6t6
6!6,626=6B6N6
6 6$6(6,6064686<6@6D6H6L6P6T6X6\6`6d6h6l6p6t6x6|6
6!6)6.686C6m6K<
6 6$6,6D6T6X6h6l6|6
6 6(6D6L6T6`6
6(6C6M6W6
6(6D6\6|6
6$6D6L6T6\6d6l6x6
6$6I6f6
6,6S6|6
6&7,747A7U7o7
6,7C7L7^7g7
6/7J7_7q7w7
6)7M7x7
6/7R7u7
=6>A>\>c>h>l>p>
=	>6>c>
?6?E?T?f?
>&>6>;>F>K>U>e>j>u>z>
>6>G>_>~>
6h6n6v6
6J8E9Z=g=
6O6e6j6
6R6/7\7
71789Q9
727:7X7`7
747@7`7h7t7
7)727>7Z7i7r7
7$747H7\7h7p7
7 7>7\7z7
7!7,787M7T7h7o7
7$7-7B7K7c7
7$7>7J7R7b7w7
7,7@7l7
7 787H7L7\7`7d7l7
7$787L7X7`7|7
7$7D7P7p7x7
7)888L8a8v8
788`8s8
7,8^8k8
7"8E8n8
7G8_8w8
7XJ-#s]
80868D8
82:?:_:
829^9f9
8,848<8D8L8T8`8
8 8,848L8X8x8
8)8.878H8Q8u8
8,888\8h8
8$8,888X8d8
8 8(8@8P8T8\8t8
8+8:8A8N8q8
8)8E8k8
8=8P8Y8d8o8x8
8!8r8w8
8;8t8|8
8!939g:	;';M;
8.9A9p9
8[9n9I;
8%9P9k9
8b8l8v8
? ?$?(?8?@?D?H?L?P?T?X?\?`?d?p?
;$<8<D<L<|<
>(>8><>@>D>L>d>t>x>
:$:(:8:<:D:\:l:p:
:,:8:\:d:l:x:
=$=,=8=\=d=p=
> >8>H>L>\>`>h>
=(=8=<=L=P=X=p=
=)>8>X>
909@9D9T9X9\9d9|9
929A9J9
949@9d9p9
9 :&:/:6:
9$909P9X9`9l9
9(949<9d9|9
9,989@9l9
9#9-969A9M9R9b9g9m9s9
9*9/9:9?9E9P9g9l9t9
9"9>9V9|9
9<9\9x9
9$9D9P9p9x9
9C3J3W
9':C:f:y:
9`;d;h;l;p;t;x;|;
9E9Z:e:
9i:9=P=
9n9t:y:
9|Y[?J
A1P1o1
AAFFf;
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
@<;AD~
Adobe ImageReadyq
ADVAPI32.dll
:$:.:A:]:g:
;-;A;G;H<
AHXLXN
AlphaBlend
america
american
american english
american-english
:A>&?>?n?
An application has made an attempt to load the C runtime library incorrectly.
AppendMenuW
Arizona1
      <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>
</assembly>PADPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
.?AUctype_base@std@@
August
.?AUIFake@@
.?AUITextWidther@@
`Au>P].
australian
autolaunch
;$<A<V<
.?AVbad_alloc@std@@
.?AVbad_cast@std@@
.?AVbad_exception@std@@
.?AV?$basic_ios@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ostream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AV?$basic_streambuf@DU?$char_traits@D@std@@@std@@
.?AV?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AVBundlesSliderWindow@@
.?AVCAtlException@ATL@@
.?AV?$ctype@D@std@@
.?AVCustomWindow@@
.?AVDiskFile@@
.?AVexception@std@@
.?AVfacet@locale@std@@
.?AVfailure@ios_base@std@@
.?AVFileBase@@
.?AVios_base@std@@
.?AV?$_Iosb@H@std@@
.?AVLabelTextSetter@@
.?AVlength_error@std@@
.?AVLoaderCallback@@
.?AV_Locimp@locale@std@@
.?AVlogic_error@std@@
.?AVMainDownloaderWindowSlider@@
.?AVMainWindow@@
.?AVMemoryFile@@
.?AV?$MemPoolT@$0CE@@tinyxml2@@
.?AV?$MemPoolT@$0CM@@tinyxml2@@
.?AV?$MemPoolT@$0DA@@tinyxml2@@
.?AV?$MemPoolT@$0DE@@tinyxml2@@
.?AVMemPool@tinyxml2@@
.?AV?$NOT_Checker@VXmlRegCheck@@@@
.?AVNullFile@@
.?AV?$OR_Checkers@V?$NOT_Checker@VXmlRegCheck@@@@@@
.?AV?$OR_Checkers@VXmlFileFolderCheck@@@@
.?AV?$OR_Checkers@VXmlRegCheck@@@@
.?AVout_of_range@std@@
.?AVProgressDownloaderWindow@@
.?AVruntime_error@std@@
.?AVServerResponsesHandler@@
.?AVtype_info@@
.?AVUrlOpener@Utilities@@
.?AVWinHttpSmartLoader@@
.?AVXMLAttribute@tinyxml2@@
.?AVXmlBackImage@@
.?AVXmlBinary@@
.?AV?$XmlBundledContent@VXmlComplexDescriptionBundle@@@@
.?AVXmlBundleEulaText@@
.?AVXmlBundleLine@@
.?AVXmlBundleNumber@@
.?AVXmlBundleText@@
.?AVXMLComment@tinyxml2@@
.?AVXmlComplexBundlesLoadManager@@
.?AVXmlComplexDescriptionBundle@@
.?AVXmlContentBase@@
.?AVXMLDeclaration@tinyxml2@@
.?AVXMLDocument@tinyxml2@@
.?AVXMLElement@tinyxml2@@
.?AVXmlExBundle@@
.?AVXmlFileFolderCheck@@
.?AVXmlIconedBundle@@
.?AVXmlLaunchValidation@@
.?AVXmlLink@@
.?AVXmlLoaderBase@xml@@
.?AVXmlLoadManager@@
.?AVXMLNode@tinyxml2@@
.?AVXmlRawBundle@@
.?AVXmlRegCheck@@
.?AVXMLText@tinyxml2@@
.?AVXmlUniversalStyleContent@@
.?AVXMLUnknown@tinyxml2@@
.?AVXmlValidationResponse@@
;A$w0j
=&=,=<=A=Y=_=n=t=
backimages
bad allocation
bad cast
bad exception
bad format for extra1 (need "LM" or "CU" or "CR"
bad format for extra3 (need "command:value"
 Base Class Array'
 Base Class Descriptor at (
__based(
BeginPaint
belgian
binary
BitBlt
bottom
:*:<:b:q:
:B<Q<s=
BringWindowToTop
britain
bsbLs#&s?
;$<B=U=
bundle0buttonLabel
bundle0fileName
bundle0header1
bundle0header2
bundle0header3
bundle0requestLabel
bundlebeforelaunch
bundle%d
bundle%dbuttonLabel
bundle%deulatext
bundle%dex
bundle%dfileName
bundle%dheader1
bundle%dheader2
bundle%dheader3
bundle%dicon
bundle%dlines
bundledownloaderror
bundledownloadstart
bundledownloadsuccess
bundle%drequestLabel
bundlelauncherror
bundlelaunchsuccess
bundleperscreen
bundlepostsuccess
bundlestimeout
buttonLabel
?B?X?h?n?v?
=/?>?c?
:#:[:c:
CallWindowProcW
canadian
cancelbutton
cCP	V 
<![CDATA[
__cdecl
checkbox
CheckDlgButton
chinese
chinese-hongkong
chinese-simplified
chinese-singapore
chinese-traditional
=)>C>L>~>
 Class Hierarchy Descriptor'
CloseHandle
__clrcall
CoCreateInstance
CoInitializeEx
COMCTL32.dll
 Complete Object Locator'
CONOUT$
`copy constructor closure'
Copyright (c) 1992-2004 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
CorExitProcess
CoTaskMemFree
C PjPV
C$PjQV
C.PjRV
C/PjSV
C*PjTV
C+PjUV
C,PjVV
C-PjWV
CreateCompatibleBitmap
CreateCompatibleDC
CreateDialogParamW
CreateDIBSection
CreateEventW
CreateFileA
CreateFileW
CreateFontIndirectW
CreateFontW
CreatePatternBrush
CreatePopupMenu
CreateSolidBrush
CreateThread
CreateWindowExW
- CRT not initialized
cR"#Wi@*<
>]>c>t>
@.data
dddd, MMMM dd, yyyy
December
DecodePointer
`default constructor closure'
 delete
 delete[]
DeleteCriticalSection
DeleteDC
DeleteFileW
DeleteObject
  </dependency>
  <dependency>
    </dependentAssembly>
    <dependentAssembly>
DestroyMenu
DestroyWindow
DispatchMessageW
DOMAIN error
downloaderror
? ?D?P?t?|?
DrawFrameControl
DrawTextW
dutch-belgian
?(?d?x?
;$;D;X;f;
<(<D<Y<
;$<;<D<Y<
`dynamic atexit destructor for '
`dynamic initializer for '
dynboth
dynleft
dyntop
`eh vector constructor iterator'
`eh vector copy constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`eh vector vbase copy constructor iterator'
EnableWindow
EncodePointer
EndDialog
EndPaint
england
english-american
english-aus
english-belize
english-can
english-caribbean
english-ire
english-jamaica
english-nz
english-south africa
english-trinidad y tobago
english-uk
english-us
english-usa
EnterCriticalSection
EnumChildWindows
EnumSystemLocalesA
EnumWindows
;E;T;Z;
ExitProcess
ExpandEnvironmentStringsW
expire
extra1
extra2
extra3
@@f90u
>+>F>a>
failon302redirect
__fastcall
February
filecheck
fileName
filepostcheck
FillRect
FindWindowExW
fixHeight
- floating point support not loaded
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FreeEnvironmentStringsA
FreeEnvironmentStringsW
french-belgian
french-canadian
french-luxembourg
french-swiss
Friday
GAIsProcessorFeaturePresent
GDI32.dll
german-austrian
german-lichtenstein
german-luxembourg
german-swiss
GetACP
GetActiveWindow
GetAncestor
GetClientRect
GetCommandLineA
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetCPInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetCursorPos
GetDlgCtrlID
GetDlgItem
GetEnvironmentStrings
GetEnvironmentStringsW
GetFileAttributesW
GetFileSize
GetFileType
GetLastActivePopup
GetLastError
GetLocaleInfoA
GetLocaleInfoW
GetMessageW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetObjectW
GetOEMCP
GetParent
GetProcAddress
GetProcessId
GetProcessWindowStation
GetPropW
GetStartupInfoA
GetStdHandle
GetStockObject
GetStringTypeA
GetStringTypeW
GetSysColorBrush
GetSystemTimeAsFileTime
GetTempFileNameW
GetTempPathW
GetTextExtentPoint32W
GetTickCount
GetUserDefaultLCID
GetUserObjectInformationA
GetVersionExW
GetWindowLongW
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
GetWindowThreadProcessId
:G;g;l;z<
GlobalFree
GoDaddy.com, Inc.1-0+
GoDaddy.com, Inc.110/
(Go Daddy Root Certificate Authority - G20
*Go Daddy Secure Certificate Authority - G2
*Go Daddy Secure Certificate Authority - G20
great britain
!>GSAZK
>G?T?{?
gZ/Pu4
`h````
h1w1	2
hcenter
>$>(>H>d>h>
header1
header2
header3
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
`h`hhh
HH:mm:ss
><>H>h>t>
HHtXHHt
HHtYHHt
holland
hong-kong
?(?H?P?d?l?
+http://certificates.godaddy.com/repository/0v
$http://certs.godaddy.com/repository/1301
$http://crl.godaddy.com/gdig2s5-0.crl0S
$http://crl.godaddy.com/gdroot-g2.crl0F
http://ocsp.godaddy.com/0@
http://ocsp.godaddy.com/05
%https://certs.godaddy.com/repository/0
hybridFileName
hybridUrl
 IDATx
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:3DD5C9019D5C11E3BA01FEA404FAD141" xmpMM:DocumentID="xmp.did:3DD5C9029D5C11E3BA01FEA404FAD141"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:3DD5C8FF9D5C11E3BA01FEA404FAD141" stRef:documentID="xmp.did:3DD5C9009D5C11E3BA01FEA404FAD141"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:598858EB9D6511E3BA01FEA404FAD141" xmpMM:DocumentID="xmp.did:598858EC9D6511E3BA01FEA404FAD141"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:598858E99D6511E3BA01FEA404FAD141" stRef:documentID="xmp.did:598858EA9D6511E3BA01FEA404FAD141"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:69D1948E9D6511E3BA01FEA404FAD141" xmpMM:DocumentID="xmp.did:95DCFAFA9D6511E3BA01FEA404FAD141"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:69D1948C9D6511E3BA01FEA404FAD141" stRef:documentID="xmp.did:69D1948D9D6511E3BA01FEA404FAD141"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:F78B75BF9D6D11E3BA01FEA404FAD141" xmpMM:DocumentID="xmp.did:F78B75C09D6D11E3BA01FEA404FAD141"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:F78B75BD9D6D11E3BA01FEA404FAD141" stRef:documentID="xmp.did:F78B75BE9D6D11E3BA01FEA404FAD141"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>i
>If90t
=I>[>h>z>
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
installonclose
InterlockedDecrement
InterlockedIncrement
introscreen
InvalidateRect
invalid map/set<T> iterator
invalid string position
ios_base::badbit set
ios_base::eofbit set
ios_base::failbit set
irish-english
IsDebuggerPresent
IsDialogMessageW
IsDlgButtonChecked
IsValidCodePage
IsValidLocale
IsWindow
italian-swiss
iTCNO5s
$iTXtXML:com.adobe.xmp
;)<<<j<
j0}0Y2
j1|(hl
j9SQGu
JanFebMarAprMayJunJulAugSepOctNovDec
January
J'\'Gg
j h0~E
:J;h;z;
jJ_HNF=
j@j ^V
'j%[Kk
JL	H+1
:#:;:J:S:
j"^SSSSS
jThP}E
jXhxzE
KERNEL32
KERNEL32.dll
KillTimer
K%K0?(
;K;T;`;
L1Bd3T
launch-params
launch-type
launchValidation
LC_ALL
LC_COLLATE
LC_CTYPE
LCMapStringA
LCMapStringW
LC_MONETARY
LC_NUMERIC
LC_TIME
= =@=L=d=h=
LeaveCriticalSection
leftBorder
line%d
:>;L;k;
;(;L;l;
>L>[>o>~>
LoadCursorW
LoadIconW
LoadImageW
LoadLibraryA
LoadLibraryW
`local static guard'
`local static thread guard'
`local vftable'
`local vftable constructor closure'
;$;<;L;P;`;d;h;l;p;x;
lstrcatW
lstrcmpiA
lstrcmpiW
lstrcpynW
lstrcpyW
lstrlenA
lstrlenW
>(>L>T>\>d>l>t>|>
:(:L:X:|:
]_l?[y%
;@;L;Y;e;t;
;)<l<z<
mainbundle
maincheckbox
`managed vector constructor iterator'
`managed vector copy constructor iterator'
`managed vector destructor iterator'
map/set<T> too long
MapWindowPoints
masteraction
masterclose
masterrun
masterstart
maxoffernumber
MessageBoxA
MessageBoxW
metalink
</metalink>
metaurl
Microsoft Visual C++ Runtime Library
MM/dd/yy
Monday
MoveFileW
MoveWindow
:*:M:p:
MSIMG32.dll
MultiByteToWideChar
need key path
 new[]
New IT Limited0
New IT Limited1
new-zealand
Nicosia1
norwegian
norwegian-bokmal
norwegian-nynorsk
Norwegian-Nynorsk
- not enough space for arguments
- not enough space for environment
- not enough space for locale information
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
(null)
?O?^?|?
O0Z0k0w0
October
ODMgqQ
offset
OiCCPPhotoshop ICC profile
ole32.dll
`omni callsig'
operator
"&:o}y
<$<<<\<p<|<
__pascal
PathFileExistsW
PathIsDirectoryW
PathRemoveFileSpecW
PathRenameExtensionW
PathStripPathW
;<;P;\;d;|;
`placement delete closure'
`placement delete[] closure'
Please contact the application's support team for more information.
policy
policytext
portuguese-brazilian
postchecktimeout
PostMessageW
PostQuitMessage
PPh01E
PPhh1E
PPPPPPPP
PQQQSVW
PQQSVW
pr china
pr-china
Program: 
<program name unknown>
PT5KiN
__ptr64
puerto-rico
- pure virtual function call
<@=P=z=
QQSVWd
QueryPerformanceCounter
; <Q<Z<
qz9,(q]@P
radiocustom
radioquick
RaiseException
rd-7rt
`.rdata
ReadFile
regcheck
regcheck_notexists
RegCloseKey
RegOpenKeyExW
regpostcheck
regpostcheck_notexists
RegQueryValueExW
ReleaseDC
@.reloc
RemovePropW
        <requestedExecutionLevel level="requireAdministrator" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
      <requestedPrivileges>
requestLabel
__restrict
RjY FW
rLJ42u
RP-/88
;';R;s;
RtlUnwind
runtime error 
Runtime Error!
<!--%s-->
<?%s?>
Saturday
`scalar deleting destructor'
Scottsdale1
ScreenToClient
    </security>
    <security>
SelectObject
SendDlgItemMessageW
SendMessageW
September
SetBkMode
SetCursor
SetDlgItemTextW
SetEvent
SetFilePointer
SetFocus
SetForegroundWindow
SetHandleCount
SetLastError
SetPropW
SetStdHandle
SetTextColor
SetTimer
SetUnhandledExceptionFilter
SetWindowLongW
SetWindowPos
SetWindowTextW
!Sh@*<
SHBrowseForFolder
SHCreateDirectoryExW
SHCreateStreamOnFileEx
SHELL32.dll
ShellExecuteExW
Shell_NotifyIconW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHLWAPI.dll
SHOpenFolderAndSelectItems
SHOpenWithDialog
showskip
showskipall
ShowWindow
silent
SING error
slovak
:S;n;{;
south africa
south-africa
south korea
south-korea
spanish-argentina
spanish-bolivia
spanish-chile
spanish-colombia
spanish-costa rica
spanish-dominican republic
spanish-ecuador
spanish-el salvador
spanish-guatemala
spanish-honduras
spanish-mexican
spanish-modern
spanish-nicaragua
spanish-panama
spanish-paraguay
spanish-peru
spanish-puerto rico
spanish-uruguay
spanish-venezuela
s[S;7|G;w
^SSSSS
startrightafterskip
stats-url
stats-url2
__stdcall
stopandgo
`string'
string too long
StrStrIW
StrToIntExW
subidlaunch
Sunday
SunMonTueWedThuFriSat
swedish-finland
=$===S=y=
T0i0y0
t2h@KE
t7h$TE
TerminateProcess
TEvh&uD
tEXtSoftware
t$h0UE
t"h8UE
t&h<@E
t&h @E
+t HHt
This application has requested the Runtime to terminate it in an unusual way.
__thiscall
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
!This program cannot be run in DOS mode.
Thursday
t;h<XE
tinyxml2::XMLDocument error id=%d str1=%s str2=%s
< tK<	tG
TLOSS error
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
t#/nnv
topBorder
tR99u2
TrackPopupMenuEx
TranslateMessage
trh,OE
trinidad & tobago
  </trustInfo>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
TryEnterCriticalSection
t"SS9]
<+t(<-t$:
t$<"u	3
Tuesday
;t$,v-
t VV9u
t+WWVPV
 Type Descriptor'
`typeof'
u3h -E
uBhw1C
`udt returning'
u,h0]E
u;h8]E
!Ui@*<
u)jAXf;
- unable to initialize heap
- unable to open console device
__unaligned
- unexpected heap error
- unexpected multithread lock error
UnhandledExceptionFilter
UNICODE
uninstall
uniquescreen
united-kingdom
united-states
Unknown exception
UpdateWindow
UQPXY]Y[
url_download_method
url_params
URPQQh
USER32.dll
USER32.DLL
UTF-16LE
u,VVWV
`vbase destructor'
`vbtable'
`vcall'
vcenter
`vector constructor iterator'
`vector copy constructor iterator'
`vector deleting destructor'
`vector destructor iterator'
vector<T> too long
`vector vbase constructor iterator'
`vector vbase copy constructor iterator'
`vftable'
#v|g%Mi
virgin
VirtualAlloc
`virtual displacement map'
VirtualFree
v m2=:
v	N+D$
v~vq$?;
_VVVVV
:w:0;H;M;
WaitForMultipleObjects
WaitForSingleObject
Wednesday
WICConvertBitmapSource
WideCharToMultiByte
WindowsCodecs.dll
WinHttpAddRequestHeaders
WinHttpCloseHandle
WinHttpConnect
WinHttpCrackUrl
WINHTTP.dll
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpOpen
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetOption
WinHttpSetStatusCallback
WinHttpSetTimeouts
WinHttpWriteData
wintitle
WriteConsoleA
WriteConsoleW
WriteFile
^WWWWW
?.?X?g?
xml version="1.0"
<?xml version="1.0" encoding="UTF-8"?>
xml version="1.0" encoding="UTF-8"
xODrrc1
<?xpacket begin="
xppwpp
xpxxxx
yn\S&W}#
=&=Y=o=
>=Yt1j
?Z?`?d?h?l?
ZIl8M,
<*=Z=o=
ZP'J.G
z#w8B-