Analysis Date2018-06-06 12:18:58
MD5aa2e3f0bd5a61439c397e2f7cb741371
SHA14893456819e78a0f129fa12f8b428368e142aef6

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 92b57b53852f2f6b85be86aa526bf65e sha1: dab7c3d03b013dbf1155643159979a184b148324 size: 27136
Section.rdata md5: f5a73e7c87f861b831f6c1c3cf5411d2 sha1: 577357777ba7b98618616657116aa201be3eb07a size: 7168
Section.data md5: 83405c0aee86274a7c5ed18c60af69c9 sha1: 9f7757d23d8639189b07f1cad1058e8df4b81177 size: 3584
Section.rsrc md5: e3baeabae756acc2a29a96437ace1e32 sha1: 7f809d555cb477ab0ae98cd64a77e1f06dbe07eb size: 56832
Section.yrdata md5: 9ce1d2b5313c7c65806514ace52c05ce sha1: f69e9e483d4ba86a15c87e1bab3a09932f119d40 size: 1212756
Sectiontzapglw md5: 0ab7cc36e1fb26d4f08db3661a4390e0 sha1: 60a7960b1f6ac5e6664f5efc28b9db744355895c size: 56320
Sectionyunljda md5: cf1cdb865f0ae87805b335ac3945c990 sha1: 4d3fa5f2332dddc7e0b3cc7cc56e358c3ebc3164 size: 72448
Timestamp1986-04-27 21:26:08
PackerMicrosoft Visual C++ ?.?
PEhashf990944368eaabd4d2bb672c8b798700207f5889
IMPhash3ca23fafa03c96d0d47acccc22a886a5
AV360 Safeno_virus
AVAd-AwareGen:Variant.Kazy.528959
AVAlwil (avast)Malware-gen:Win32:Malware-gen
AVArcabit (arcavir)Gen:Variant.Kazy.528959
AVAuthentiumW32/Trojan.JBHK-1567
AVAvira (antivir)TR/Patched.Ren.Gen7
AVBullGuardGen:Variant.Kazy.528959
AVCA (E-Trust Ino)Win32/FakeFLDR_i
AVCAT (quickheal)Backdoor.Bifrose.IQ4
AVClamAVWin.Trojan.Agent-816713
AVDr. WebTrojan.DownLoad3.5776
AVEmsisoftGen:Variant.Kazy.528959
AVEset (nod32)Win32/Kryptik.AAHE
AVFortinetW32/Agent.AAHE!tr
AVFrisk (f-prot)W32/Trojan2.NXBX
AVF-SecureGen:Variant.Kazy.528959
AVGrisoft (avg)Generic27.ARDR
AVIkarusBackdoor.Win32.Bifrose
AVK7Trojan ( 003594471 )
AVKasperskyTrojan-Downloader.Win32.Agent.gykw
AVMalwareBytesno_virus
AVMcafeeTrojan-FCEM!AA2E3F0BD5A6
AVMicrosoft Security EssentialsBackdoor:Win32/Bifrose.IQ
AVMicroWorld (escan)Gen:Variant.Kazy.528959
AVRisingno_virus
AVSophosMal/Behav-043
AVSymantecDownloader.Trojan
AVTrend MicroMal_OtorunN
AVVirusBlokAda (vba32)TrojanDownloader.Agent

Runtime Details:

Screenshot

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\4893456819e78a0f129fa12f8b428368e142aef6.exe

RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\StubPath ➝
"C:\Setup\CacheMgr.exe" -as

Process
↳ C:\Windows\SysWOW64\cmd.exe

Process
↳ C:\Windows\SysWOW64\cmd.exe

Creates FileC:\Users\Phil\AppData\Local\Temp\4893456819e78a0f129fa12f8b428368e142aef6.exe

Process
↳ C:\Setup\CacheMgr.exe

Network Details:


Raw Pcap

Strings
.CC 
...l
..
w.
D
.
/.6_
.
.
..
"..FD.
..
.c.,H
Y.w..
.
*{?
i

                                 H
         (((((                  H
         h((((                  H
	IDI_ICON1(
jjjjj
jjjjjj
KERNEL32.DLL
mscoree.dll
ntdll.dll
                          
(@./*-
}(|"$|#
}}}}}~
}}}}}}
}}}}}}[
$,[	\,
*$^]=~
&______
#<&< @
0@@/@/
000v:A/%l
!00dc%
?00dc:
00dc<	
00dc;	
00dc&	
00dc2	
"00dci
00dcl	
00dc-M
_00dcO
00dcx	
{00dcy
/00dcZ
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
[,01a%!
_01wb 
}<01wb
@01wb@
`01wbh
`=,01wbh
^01wbh
~01wbh
)!01wbh
*01wbh
#01wbh
0=4(^|
05XZ_d
)!06	o)
`0#8E}
0*#{.A
0A]}	;e4
0aHY{/
0A@@Ju
0BVG*qq
^0CD:-S
+0?`Co
0dT;e&
0Ek?bR
0|~$ H
-%:0H0
$0ht.8a
.0Jq1~_K
0=l@Z!
0NpNfc
0!oX(y
0pCKV=6
,0pNOOL
<0q5R}
0"rJp0
0SSSSS
0t4YoC
?*0#V"
@0v>^Jxa
)^'0>V+O_[[[[[
0VpLdT
0WWWWW
0&xd3f
0XpPg-
:[0XR[
;0/Y?!M
,@%1@+
)1,|!)
\$	1.(
(101wb
10M5a_5
10nNL:
167)\]
1DE6u@sN
1g<,1[
1geLBg%
,1\GJR
%1hiV 
&#:1IA
1)^}i"W
1jJk\R
1l|CHvZ
1Lx|*`
1NFlRN
*1POa+1
1q1K~5S
1sq+Q&
1'T&MS
>:^1Tv
!1#U?o/
1VOzj"
^\]1WR
1 {>X~|Z
?1Y"#%
1Ye|?^
201wb 
201wbh
20Z0{	
2]68;k
,2{!a[C%
2ag#)W
?2+aiRk<
,2Bk F
|`2bL4
$2bLV	"
2=cBK-
2C~D3!
@2]CO,
2DbZ<j
>2(Dc,e
2{)e9M
`2EB>^Yg
)2e(Jd)|
}_2g$cd*
@2!H2P
2i;l&:
2J:EK5
?2Jq1~
2kHs	z
2m\ozA
2NaD 2N
\2q"-k
2QPQzQJ
2R~bKj
2&Slwr
2T+Q$JP
2uwuuj
2:V+Go
)2W]:t
2YbdOZ
2%|ysr
&2z1APk
`<^!3<
30H`#Q
3_0LFJ
.33)ql
3=d+N5?
3E+%kX
3\fDfN}O
3GZlc`
3H	<DK
3J@#?^
3JP%|L
	3>$	K
3L)Lys
-3.nqI
<3{T\$E
3$tttttu
3TUJ!#
_3uE]t
3Vg16Q
3'$XfB
3zc{RBl
}}}}4^
$40~^I
4!{1x8
*430${)b
481imO^t
4B2=)^
-4Bj%)
.4!Br4M
4c_,XXb
[4dt	FQ
4F#'8k'
4Gf=95
$4gk'a 
4,,J./
*4jh?1
4jp#A[
4Ld,*p
4}Mob	
4~&Mq7
4N1urK
4N:5LZESs
4N.tfsTP
4^q8r*
)4?:r|
!4r0,{=4
4]=#s}
4shtGy
,4T<'B
4{tHOz_
4T(tH{
4u00dc
4,Uchw
4v$y$[Gz8
4XptBc
4++yG1R
4!$Ynq
!%&&"5,
5^____
51cDa1
51(IW}26
51{QCq
@52!FD
5_6q}[
-5($6,r
5,8EJ	
"|59aK
5*#a,>
5aMoQx
5);c`>
5*}Dd`'
5[e$\`
5F\zm[
5G"D-.<
5gQF@0
5!h$K[
5&j8`?F^v
5-[*k}
5n6V6VDr
)5nBB4
5_OERy
5:QRB&
5,ss\g%
\5`t0b
5+uI^O
5!!vYh
5w8%,w
5 <Y@M
^]!}6?
@601wb
601wbh
	6%1!_
61:8qr
;6_1K+
6"2L7+
6"4DRY
6668:>p
+6,8!0
6_9TSa*
6{.Af%
6.:B`>%
6+CmP`
6DFI`SD4*
:::6\)F
6F^z|j
6I}/ll
6i<roK*h
6j0):J+w
6[Kr3eL
6l-FNE
6m}}}}}-_
;6NdiH
6__N&[G
6[p}4;
,/6PG"2
6pQG<k
6SJp|F
6s&)Wr
6SxP~&A
,6Tp&	H
6u`LH5
6u{s=a
6w,	L\_
6X;}|_
6Y;v^.k
6%,ZY[
7,&,%.
700dcvd
-71j&u(Cn
72@H:so
7{2Qnv
$7"2%R
7^5Oh-G
:_ 7#7
7A$B #i
7a.I4F
?~7air
(7b 8H,
\%`7cHG<
7DB`L3
7ffmH)
7fYKL<
7GC2GC
7HD1=V
7&hJ(*
7j5a@H4-
$7j..i
7jL<H9
7K3MG69
7mZzZ.
=7"{nd
7Q[c1~xN
7R3hEY:O
7(!@S6
7S9:$a
)<$7%t
7T\j# `
7TL,*C
<&-7xj
7--Y*u
7$z,(g
7?Zp&"
\:]8^/
]801wbh
80$z**,
81pENw
8]>50o!
8%{@6K@
8BI%;D
;~8BnCF0
8}eq:x
8GTO%mj
@:8H+_
/<8h`4
#8hTaX
8imKb)
?_><8k
8k;YIO
)8$!lOR
8#?.NO*
8ov++h
8P|'0q
8p+ED/
8p&hAL
]8p/"i
} 8&rc
>8+s+$
8S)E+>}
8sju;{FU
@`[8u-
8`V4})
8yA9:AO`
8Z*71P
8Z_F]*
901wbh
93HfBf
;93o1I
97$%:7
98JI1R
*9=9#P
99#@P'
9AQW5E
{	/9BF
9(CXau
=9#;(*d
{,9\d^W;
9FxDjT
9}Ga'3
>9G_Ej
9(g'Kg
9h864N
9iB={3
}9i$ktP
#9</>:=k
9mnQoFF`
9#omy aGF
<9-|pH
9&pH<J
9}qCnP
9rOak>
9rsaM0,a
9(:(s{
%9sE4&yZ
9^t|(A
9u01wb
^9*ubT$g
9+UE]MK|.
9URptx
9%WLIg
9w:|Z?
a 0000pE2o~O
A;"01wbh
A0/R0#
a4)^kK>
A4;<m.Z4
(a!*4@x
@=[ a5
A5yE?/s
}=|A7y1
AA8;B52
AAFFf;
AA]r:6rFE
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
AB:i7nx
(	)Abr
a:BX" 
#acP"0
Ad|l7j
AeZq!1/
af01wbh
|AFeG("
aGaXV>
( @a(H
Ah5=B]
^AhlVh
|=ai8hB&
+AI!E;
aiR]xbN
AiX	'Y
*a&je^
Ak3iB'
AL{\\0=C
ALe\p#Ts
]A-"M_
a:m17H
aMB&F4
 >\<aN
An application has made an attempt to load the C runtime library incorrectly.
>anl]4y
aO7/63
AP8p}\T
aQAqK)
AQ":$q
aq}T$|wg
-(arTl<
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
`AU`ABP7
August
 AU/oQQl
aW!01wbh
Aw0fvz
A`X37Vd
aY	Ew3
:AZ()u9
{\/A<?zV
b01wbh
B!%01wbh
B1&cO:
B1~ou[SL
B1XbCn
#b.2;(
b21isJ
B5S84S
B6lO#6
b8!}	}G
B8/W|Y
.B@9[&
b\}bVy
^B<Cb	JOIO
b"`d;%#
bdESU0
Bdfb3B
"?BdpPB
BDW.0?
b:<eGe
#B,>Ej
}bg7!*^Tb
	bH(%*()q}
B*iJ2'
>bJz'R8E>
B,ljPz
@bln{]
&bm32On
B; nA(N4
bNgV>E
boDj%DR
bP6Y=T
?)]bpo95t*j#G
BQ]]5z/4u
(B`qvG
,BR!i<
Brq?f@
brwro9
bSKrSrQ
BUJe#GMnZx
!$bvvN+L
;bX3x	
\=BxR!+gGI
)b)+XWY
BYF?Uk
_c[01wb
!c02DJ*
C1f[jb
C$#>1z
C3}D$*py
C6XVZQ
c83vm}
C8&r$P
c8V"l^l7
c9&NNLA$
C BE4"
?cbl5,
C	bQ|.
#/&'c	c
CC&*Ht+
CC"*ku
ccm7S$H
@CC{"NBa)]
ccq,+q
C]Dk&:!kZ
C{FA( 
!C.:Fe
~c`\|G
C=HQbkH
Ci8uFz
c%IGmn
CJot$0
c_[K5$0
CKQ]#S
>|CKsj
<c"{kV
c:L&!A
}c'L?cq,
CloseHandle
c{	lzx
CMttQ!
Cn*tz?1
CorExitProcess
C!p3~/
:cp7!PT ,8
,]`>CPP
`'cRB$
CreateFileW
{cRGXt
- CRT not initialized
ctAmWb
(Ct&V+tgE
cu8+Ms
cUGzw_
-Cv0:R-
{c;vom
^&:?Cvr[F.
cWonsW
cw/rFO
"cx10g
CYl:FG
@CZv_zg6
{&">.d
+)/]d>
[D01wb
d(0bcR
d0,dFL
;D0"H0
D~2l@x
D3____
d<$4%sX
d5K7Z4
D@]5mrtdPQd
~d_6+3
d*+79]H
D$_9C|
\D[A\X
db%g7:fK
DBPa$x
/dbT;WZC
D{;bX1P
dc/>[5@yz
dddd, MMMM dd, yyyy
DddnQb
D=:DLJT
+d	|e5
[DE{6E
December
DecodePointer
de[co+S
DeleteCriticalSection
DFm6oZ
DF-O!*
Dg$N~W
dhcLJ&
DIH-WZ
Di:ihJ&
~*+D)I)iqw
d;#i:V
d.IYuc
D,;IZn?\
#DJF$a
,dJn4dJ
D%'jv!
*%<dj]x
>dk2#+
d<k	^3
d_Kbz.
%)DK H+
dkhV!A
dkR~FOA
. *dl 
d*L=6P
DMcq{)
Dne61H
d\NEE,G
d]OFNu1
DOMAIN error
dOPZbM
D>//oY
DpLv"w
DPM01wb
,%:Dq'$
dq6Stm
(DqPBY
d@R4W<
Dtb\;l
Dtttx.+v3~
d>U/;j
Dv v_N
dW01wb
dW*FSW9
d}/wj|
-DX*4r
DXj\}!gb
dxV24mP-3
Dy<3X|q+
DYU^TaT 
dz9X<k
DZ p/{W@a4i
^\\%E\
e01wbh
E(0grC
E2+ R 
e38T('
e4kwLY
E 4n1'
E5wA<#
_e72#2|
e%9mkt
=Eb"){
;+ ED!
EDfwd[
EEC@@f
E	Ei(R
[eF8,rdU]
E"f',\F
]#EfJ(
EgBWXn
egc]ac
EGg$6e
^e)h+[
EH#&fuSL6
Ei	_	!
EiOF_X){]
e[JKYn
El~$y 
em7{An
eMB35w
eMlg65
`]em+#s
EncodePointer
=enep%
EnterCriticalSection
|@Eoi_,
)}eO_W=,$&6
:eP<0\2
EPTi[5
EQEw>[
^%EruR
;E+sa!
,EsK[l
)eTAs&u
:etQwLC
=Eug>m
eU>I.0
E+$Va8
E}[!W(
EW^"C5
ExitProcess
eyE7wj'59
EZE:Qb
($f? (!/,
\=>f$}
!]%:F#
_____F0:!
f01wbh
F01wbh
,f`0i3
<F0vOsq
f3&)/d
<{f3)=Iq8W
_f3O(Q
f476	\
f4"An,
%:&F=9
F,|#9^
*f%^9K
f=^A{%
@FCee5
February
F}%]EE	
FeLo1c}g`&/
FgA(3.1
Fh*.a.
`fh	lT05
;$FHn>
[fHZ.y
Fi01wb
fi01wbh
[#".FId
f\Imm/>
}\F=;)k
%)fKxD*
- floating point support not loaded
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
F}^LWE
FmiTKM
f^N3ya
*<FNqk
{ f	O<
]fObz.
(`&|fP
$Fp0	K
Fp3rB]
>|f(PJ
;f^_q{
f<qy[%
FreeEnvironmentStringsW
Friday
F+[r:K=
F=}}rR
/~fsA|
F+*sQvIP
?+{?fT
F',Tb|
fTdE&F
;fufj,
/>?fuJQ
fuOgBq
#>F}v"
F?vK$':
Fvp>)~=^
FX00dc
@!!FYS
G00dci
_!;g01wb
G0yQ#^
"G29hX
g?!)2Y
g([3*C
G4A&rI
G4we<$
G5wi0zQ
G6^I:Kz
)g6w~R
'G82r=
g8%JW-
g8R&rO
GaB6lO
GaS)U*
`gb@8`
-:g\bDA
\GC1P)
gcG4LT
GCxD#l
@GD{-0
]*GEBp^
}gE(cx1
GetACP
GetActiveWindow
GetCommandLineW
GetCPInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetFileSize
GetFileType
GetLastActivePopup
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessId
GetProcessWindowStation
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemTimeAsFileTime
GetTickCount
GetUserObjectInformationA
GetVersionExW
gF<?5j
<<GfjY
G fxtY
&G_GGGG]
GGGGGG
GGGGGG$m
GGGGo[-
GGGTM4
#/GGG\XV
:ggy7f6
G%hFNEJh
GHt+`j)
_)<]gHU
{&}G/i
	g*J|=
gJ HK<-
@<>Gk"
g!k[Pw
]#Gl12W
G".mBR&
gNQszZEt
g]P1FA
	,gpl1X
`Gq[my
gr*MpD
&> gsn
g$sozLa
gst4q2
>g+SV<N%
-gtd%	R
gTiUS\9
GT-l5T
g;}ToC
g|]T+W
g;^u!a
[guCB:z
]\g!;v
g/vI-g
g'V#T=
gv-trVb
g+^_W#
GWTU_^
GWXEAh9
>g#xUJ4i
}gylF|
|&g%{z
:G(Z	h
,gz|.je0
Gz?k[I
g<Z"vt]
+*:h>_
 "&]^H
]H,0("=
h01wbh
`H) 0z?
/H1	*f9u
"}H1Lm
h2>j|sV
h2	 ls
H@!2V|=D
h<+@2x
H"4`94#
h4`]ri
h601wbh
H(&71gt
H7s00dc
h!~8D(|6
&Ha|;!@	C-
H{Ad<G
hb"a1#
HC[2FjF
hC3mh%J23
HcY`i#J
h +dt;-V
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
	HE/Ex
He^L6qt
HeLl6T
{=}hEm
+]H%eU
hexJ6i
hf(2<b$
`-hFK*
H'=)Fz
hg$<pb
HG:"T@
h$Gyko
H_+[H&
HH]d9{M
HHe;?a"
{hhhhhhhhhhhhhhhhhhh
HH:mm:ss
{^HHo}
Hho19	
HHOXKj
Hi0DP.
>h:j+Fzz
hKRq-N
[[Hks$
Hm4OH/
H+m=T^>
"hNuY|
H }:o'g
{H$>oH
hPO5Xh_
hq\xc|d
h-roX0
;H@S]!,
HsM^D'f
_HT[BhIMO|
(HTZPd
H&uB".
hVDOke
HvMSvMR
Hw01wb
hW;7ey#
h#X2)dX4>
Hx3QBN:*
Hx$8@,
+Hx&IL
HxT$,|*
HyKX#3
|>%HyS
	H^:>Z
/hz3vn
I01wbh
I=01wbh
+i(0*5M
.,I1l"
\i<2.s
i2st=S
I=30Fc
#I:3k?
I(4i-z
I4~?U.
i6L*F8
?i7*5u[
I&98LRtB
I	,!A 
IAk53z
IA!oadT
IB4OK?
IBQ;d\
IbV.SV
;IC6Oz
+i)cDW7*
(]icW+
IDHJx-
IDwws,ZCWy
IEAA*v
@If[-j
.IFN\H
IfO_z*
ih[1CYX.1
Iipp_(,
>I!%jJoy
@<IjqT
I@k'yjG
<i\LDj
I*L:XQ
i!*LZi
im27,&0V
i-M	aMd
imr'Gd
i#mWn]
InitializeCriticalSectionAndSpinCount
i|N)T]3
InterlockedDecrement
InterlockedIncrement
IOFbMG
ioJH<`
<i]ows
&I[o%X
!}IpA6
iP$BIY
I?Pdz6pL
I' Pe>
<Iq0RG\
,i/qbM!
I~rM2$	c
i}+R[Xrk
I&rXy 
IsDebuggerPresent
IsValidCodePage
IsWow64Process
[*iTA2@
^iUe8f
 Iv2'v
/IV#2X
[IvF77
IVo?p:5(=s
(;|%|IW<
IwsM6`
I)wXSW
ix<'		
ix9KiXy,
IX@pId
ixw>X 
i_ybkT/5
iYreqy
i:Z#}#8`%
IZCLBh
@`>]~>j
-}\",J
[)^'J%
J00dc"
j(1RO:
J`2/fK
j3/;ru
j4#p1p5FW
^J5T%{
^j7R<n%
j9~l0C
Jagt}+D
ja?Jj	
JanFebMarAprMayJunJulAugSepOctNovDec
January
*jAOJS
JA[W]L
%jb}>@
'JcEU=
jcH@d,
jC%&$M
^`Jc)X
jDC41	
J(-Dlf
(j#	Et
J-}>F}
j]FH %
J|{.*gU
J/HaT@<$
jHBswL
>JH[}D
j[iE*x
JIGM`2<OQ
JI%+Pu
$JJF>X
j@j ^V
Jk)L~K
<jK?+[y
jl~K&k
J=LzHU
'JmE";hN
jMm*L6
*\`j}}/Mt
J?N Yc
Jo`jI.
JO"Jvf
JOYqm/o
`%[ jP
	jP2y"R	
j	P.64u
>(<JPa
)Jp>J7
J/q=b'
JqQ	qp
jR]M]Z
[j%SF)
J@$SJ$
J_s*Y%"
j}.tZ+9j7
*jUEcT
j+U<HN
J//.V<
JV}R7"5
~j wx1!)
]jw]Xz
Jx 	X\
jXy!k{
K0d:!^
K	3f^^
K5nt\l
K)5V0D;
k8MgV"8v
K9t$xD
K-_ ^B
kb".HA\
k+BkbkR]p
{K"BKO
k~b),o
kdBP9}zD"
Kd^kK<
k(d}qgIjR
K\Dy57gbB
-(Ke$B
KERNEL32.dll
k^f)6s.
kfZnn9#
.kg9Ef
kGW-:	
?K"^+h
kH9pg\a
Kh^Lm-!
"khXM^
kJ01wb
kjH]:HR
KJJJJ>
{_kjo=z<r
":^$KK
kK<T8*
k&l6`5
kM-gEt
,km'H8
knoq}p
}kO]28(
K:O%v2
Ko!	W4
k,O?w9
KP|~`p
kQae-i5
KQIU%X@
kq?O8&kLi
kQtPLJN
kR2LXJ
ks?k)L
"K]S,r	
KT4/	u
{Ku&YS
(|?kV|
 KV?/V$|
KV=Wljs
<^k(W%
KWL._[4|*
(KW@(ngD 
`kWoF'#
KwUOv7sCw
K-X$(/
)kx3S/
]kYiK8
)K*YT?
KzI^fF
KZKp#[
K#}zS{
}\,l#^}
L00dca 
-l01wb
l01wbh
],L101wb
L1g4PN@a
L1kT'q
@,L@1Q_
l2hmY|
l39x#B
L3[FQ]{_W
l3Q<v_
%l49LN
#%L[4H
l),80J9
`_L9mn\
lA\a#>]M:l
La~)N>
\LB8:!m[V
	>L+Bg
Lb>(nj
.lBotF
LCMapStringA
LCMapStringW
.L@cmr
#[$<ld
LEA )5
LeaveCriticalSection
LEf+=1
Le]`Hv
LeSfg2
lEX_Dv
L+g3%^
LGH2!7
/l@H3@
L&hbgO
lIgbwK6U
|Liox1
LJJZGz
LlAgN&O
l/L:+H[
L'LrB(
L+L$x<
[Lm#Ea
lNu!M:t
LoadLibraryA
LoadLibraryW
*lOyRI
Lpf$y	
lQiO	I
LQ$Km0
l_%q#sq
lR_RR_
",-L<u@
lU&7;7
lUF/Vb
_Lu;j	
l.V+E[
l#VTaU
(^lX18pV/
$lZe}S
^lZy,{
m'#^/+
______M
M')&"#
m00dcb
>m01wb
M01wb 
m01wbh
M0e`n_
M1W%\B
`m1zkr)Y
+m2$29i|@
m2CGl8u
{M,3xlc8
m4\%[@
M~ 535Ee+b#
m6U0b2
+{m7^O
.M8{-S*
m8#x h
M.B'_N
mB^}Qv_
mCmL*d
~=Mcp*
[,*mcW=
m|d%$2
Me'd'J
mEil_V
MessageBoxA
~(-mFA
?MFeVA
/M&f(}f
m%FKAtS}}
m);_g~
	mg(0D
;mGvLb
"~?M<(h
MH.Rc1
mh*s(0
Microsoft Visual C++ Runtime Library
MjoF[u
mJ^S^+
M)jvf~y
Mj('Y]i4A
mkpeni)
@mKs_M
Mk,UT5
MM/dd/yy
M`miFK
MmKOh/
Mng8H>
mnm"D$
[+mo@)
Monday
moO/>?>
mP2^c6
mpGMDqd
mpT0u:
-.MQ*-
Mqb:be3
mQs.)W
MQX(Ap
mR*+=*
#+mRM0%*
(MS01wb
m ]-SV6D
<<m@szy,LZV
%?\|m\U/
+m%U][
MultiByteToWideChar
m;uxc=
m[v^?j p
m'vO}f
MWQ3R9@
+mXmV/-
}MYRq(JV
mz80>H
mz8UBd|
mzFzH)4
MZGV]~C7
Mz:J2:i
mZQ/g|]
MZq	|p
N,:(0|
n0F{U]y23
$n0geK
'$n0n(n(n0x
]N"0(U
N1]L)C
.n2O>%qO
:\n5?3e
n7:1>eP
?N~8|?
n800dc
)N8e=(
-n{8'p
	N9  >
n.}@b:
nb<=WJ
_;~nC+
nCf` O
(N'D?6NO
*nD>i8B
nDpDX\`
nE`q[V]]C(ZxCP$
n,:ffD
\/nfR)
NHG"T2X
nh|j$(v5
_|nJ3\
N<ja[d
njODeS
)\NLf%6
 n.<+m
N]mAag
nM&^BRf
nMOTVh00dc
Nm]zNG
n.N@d(
nNNrg4
N]#o- 
nO7n$f
- not enough space for arguments
- not enough space for environment
- not enough space for locale information
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
,npD#y
N.P]KC
NPx4	A
NRF;Dfj
"NrH`Ix
+nrTn8
:nRw?S
:|n%s{
n%s00dck 
nsWsB3
NSYn/6
NtReadFile
`N/"TS?AF
 :nTV<
]~]nU<
<NV68a,+
n\V_De_
n <vF/
nvGU}@
NV%.ti
@nvUL[/
NWTk{a
N+X0 Bb)
nYlF}Y 
'n=:yp
N.Z5Ato%
Nz9>9k
nZt2=4
@@NZ?V
*<,-O]
o00dc{
O{00dc
o01wbh
O01wbh
O}]_2$
o36omM	
#'O56n
O5x0tC
O71H	5
O@93-g
o9M81w
,OanHBY
ob~?+-
o;BE{!"=
o#B-L+
[[_Obz.
OC[;Mp
October
odbHv}U
o_^d/m>
odX9pF
O,[E+Cj
oE$p`b	
!oEQz=
~$<oF+
{ofyog0Z
o\g^h.
o"g?(vc1
OGX("I
oHg2Jp
O':HI.
OHP38y6
oH+R(X
o	"H(!xC/
o&>jE,
`oJie-M*jM
"Ojjjjj
	Ojjjjj
oj'U<p
OKD^lj
olnO7b
 OLPVQ
o|^` )^lu
om#GGv
>/omYMP01wb
(<=o&n
ON QYl]gs
ONV5(]mH9F
o#;O[;
o=^OfF
OO%=^'Q
,OP32M
o#p9p=Z6
\+.@Oq
oQ2Br){;
OQ4q.8
<*o/Qo
\*oqp,
*o]R8c
oRrcH)
os(`5E
O[s%W9
O+UDQ\
 O.U)||U
O(UY;N	
;ovg0ESj
-OvYTq
o"{"^(W&
o%W9"3
}Ow_N*7
_O?*%XT
&\Oy5$>
oz GHk
OZ,K2Y
OzRO`o
!,&p:.>
$ P`:\
&/P^.	
p01wb@
P01wbh
)p0+ro
}@P~-%0T
p3%+Fc
P; 3XK
p4E|t/
p4JkN[
P4``'x
P50gCN4k
+p6~	*
p6\!&eRX
P 8Ab;/>2
@P?9,0
P90<80
!p9c8g
p9qDk{
P9Qx3_
p9()r)
?P9TW/
(p9Xz*)
pa|	t 
Pbc@@#
"pBF";
&p+'bFO
:PBT$g_
/:{PC8
PckP8(1
PC+W=?
@PDAd^
PdyYWh
^P"&ep
~%*P$F
Pf4yYv
PF8(/,h
pF,N8r
Pf)W75K<
()	Pfx
PFYF _E
*.Pg"xx`{
	PHC17
`PipRF
p?jPNM
%Pj]Ul
pJW[dg
P+`)k*
PK<?<%
(PkZ8o
p~>L>/
Please contact the application's support team for more information.
PlF!l&X
PLox"9nC
p	}^MY
`PN%	E
pNuT2v#
p)O_@`@
PO6vK-
po}	/y
 p)	]P
`P^paS
PPPPPPPP
:PRJ)]
Program: 
<program name unknown>
p~[S[a&t
pt{6L>]
p?t>g*
:;ptrm
pTS"km6'
]Pt Z<
PUK`j3
<Pupl;c
- pure virtual function call
p+V\\_~
pvDrC"
p`vYtb
#,Pw (
p@Wa}.z h
)PWxc/
p)@=X<G
px|tyq
	)pY,[
pY.-m?
 ^!	_Q
/&'-Q%
Q01wbh
`q1#!l
q(1x)3
Q28&)!a
?Q65*O
q+7ARo
Q7U)e[t
;Q83+B*9
=Q^8(H
Q9m,b)
,^qaA}
=>qbna
qB>TyQ
qbU#=)
\Qc-<7G
=Q)e	|
<Q%_ex
Q"=f2B
QFB6lON
Qh<0`A
}qi:$5
(}q#[j
,qJ0_'
Qj:4GF
q\j/5Ey1x,Zp
QJ:6GGHT4<
QKDBQr
<QK$@Rn
Q,KT>iU
Q-LYN_
Q*M3cMMLj
{QM$M@
qMR06^*-T9
+qm.ST
qm"zwrv
qN8$N{@
,@;q:NY
qoYL,K
{Qp6GT
q\Pe5Uw
	QpGYG
Q.|pqq
QQ:2f8
Q!?q/d
q```qK
\q~	Qp
QQSVWh
QRl'$7
qrnBUR
Q#r}_wikS
q>=*|@s?b
Qsuv=h
`.Q!U/
QueryPerformanceCounter
q?uMAa
Q}V]nV%x/
q@xD3-
QXJ{gl
|!Qy!?
q`Y+s%
_r_____
=R({00dc
r01wbh
'r0te6
r3HrFr`s
R3J/)y
R<5=aZ
r@5D4(
@?.R74
R"8Sya
RAP[.bL-
R	b^}DW<
R@BOha`g
rc(;<Cr
rCCTCm
&rC>;I%
rc:tt>2
.rdata
rD#CsN
Rdph#*.
,r_DW2
:rD}xl
ReadFile
rE]F"xrD
Re_m{d
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
      <requestedPrivileges>
rfgUcH
:R:Ie`
RINK#a
[R"!iwfMu
%/rjGI
R/J!JGJ
Rj`J|"T{
rJoHe;FHF}
rj?YyM
rK~c:=s
RKi*zt
RKJ83OJm 
rk.n|Xq
r,Ljjjjj
R #MBu@
rMN%$F
**RN;v
RoUl!x<.
roVwHF
rp+cQ@
#R,qOM`-
rRCA]#
RRYO"i
@rSCb@
r#si3rCgR
r$Sm<-
Rtg=uW
RtlUnwind
RTZ1rdZw
runtime error 
Runtime Error!
R!v4"{9
/.*R#W
;R"w6,}
	RZl#Qn
r[ZM1fm,v3lg q6]
%%&Rz`x
s00dc]
/s01wb
s01wbh
S01wbh
s@%0jXhg
-S*1sy
s4;)$tH
S5DFJ>
S[,5M+
;S6._"l
,S7OU&B
SaD>Q`
Saturday
&%S\+B
 s CARB	4
/sc{;S
sdHUKg
    </security>
    <security>
September
s<,.et
SetHandleCount
SetLastError
SetUnhandledExceptionFilter
SF'_C#
s}gaCe
Sgvvofe
SHWDHK-
sH}y40
s`I`l(
siM:pP
SING error
SI.W+6f
sIy7<Lt 
_|~S_j
SJmGTP
Sk566N
;SKsRa
'SL+>Q5
>SMvqo
SMvZp|a$%M
sngl@q
sNp\i2Qy
.-s{"o
+SO_01wb
So^E+Y
sOL[1,
*SpH/^EU
s&phZw
<S]|)PR
sQ2"8D
<S<qJGKD
SQy{$Q
SRS{=_
 S?:tm
sTPd^@k
S=U+hKU[.
Sunday
sunE?(*
SunMonTueWedThuFriSat
____s____V
S++WCs
"swFra
s%xfq 
SX:@ut
[SY.<4
S^]y$F
)s%Y,T
)+}S+Z
*.;}T)`{<
T_____
\T3Y+S 
t^5I&5
t6	Zbp
=T7[QLK
T@?8^|
t{AGw=%
 tAHlV+1-7
 tAL3'=
TaTqi.
Ta)ydW
t-|B&I
Tb;I^-}-N
T)b~RC
tB-R-"vZ
tc1Y%|
TCd=_Di
,<tckS
'td?)[
tDk%Yq
TerminateProcess
t`G/)4V
T=G8*b
TGdTj&t
	?Th# 
tH/BmN
This application has requested the Runtime to terminate it in an unusual way.
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
!This program cannot be run in DOS mode.
Thursday
tIAyYuyBy
T>iE_f5
/T:.j_]
T;J_KdGA
TJ<R;o
TJW={.+UcJ
*Tk\vn
T^#\L[
TLOSS error
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
^T]lU(
	}^tM0
tMU5SG
tNcP=^
&"'>tnv
To6<Oc
tOA&LC
To_uFJ
t:owC9
tPnPC+x	Y
T\Po5{^?
T@qUAI
T.r^Kj
  </trustInfo>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
T`=_S*
t"SS9]
ttpPtV
ttpPy:
@ttpZk
:ttQ_\
|Tt!Q/M44
tttttpx
tttttQ
ttttttl
ttttttth
ttt{TttwH
tttz:=
tTUQuoz
Tuesday
;t$,v-
tv=$jy&
tVt94Q5yr
-_:)tw
tW07<m
TW]=f_|m
T&w%G#
TW|w"g
t+WWVPV
txd~]t
]T#~{yT
tzapglw
t"z	dF
/U[.]\
&=\U^%
U	01wb
u01wbh
u1cDZ`
U2	Kb `
\>U3^>
}U*3Ig 
\u4eft
u4=f%(x
U4T7N?
u|#4Yb+
U5 ip;
u7.w(mIE7
U%/*AT
uB{rB0#
uc25=9
uc,#G>
uD1Ta{o
Ud2nn.
ue6/er
UeIWcCr
UFfG"r
]U@:)G
UGZkj6
U}JlM)
#U*jM$
UJ_vETR$
UKb*7*D] \:2:=H
u\KerJ
UL0eiT
UL%@a,>
'U@Lm7
UM!2H(>
- unable to initialize heap
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
UnhandledExceptionFilter
UO{n4>
@U)p`.
@Upd&F*
Uq11r9
UQPXY]Y[
/<?UqW
u~-q(`X"
URPQQhXJ@
u,.%Rrd
UrS()>~
ur)(TU	
USER32.DLL
UT2J2Q
\]uTyp
{U{uAqz
uUF/CV
UUTjp3
'u&W.H
uWxfkf
UWYJSOm
__U|WZ
uX02TN4
//U=xh
u<(XJE
Ux}{tT
!Uxx[v
uYrO6Uk
Uz)>cnM2g
_____V
\/V]|=
\ v0FO
V0g7Aj
V0:i+`f
v1:A%;L5
#V&4\j
v6?CK>xxQOzh
,v[767
V801wbh
V?9~8E
v]}a\go
=Va~OLg
'VA}yH
vb}IJ`
VD1}S.d%
vD__"4qi
>v%dN0
v^E0<-
-V_eWld
-\VF1,b
vf,5[`
VgcxUJ
vI&6,{=
VIkzZ	
VirtualAlloc
VirtualFree
VirtualProtect
?!&vJ&[
VjboTz[P
VjrO7!=
vKxL$v
]?vL5J
vl8)5I
@)vln|
vL+U:'
V##m2v
,'VMwS
 v\?N%
Vn4T*82F
v	N+D$
/v-N~q
"v.p1K
VqE<F;
?V#$qx
=-[vrM
vR$mmr	
~>V>/T
./V%~}U
]'Vu2f
vUG^p[
;v_u)U
"(VUU]
VuWb~~
Vv7&qD%
{v=V#i
VvqAUk9e^
Vw`01wb
-_Vw=6{M
V$*X2W
,[vx=i
.&vXrGR
VY0u3\
V,yyq}
;v}Z88
<<w{	 
\/;w;@
w0X;(PH
W1KJ5u
w2H6b*m]
	w3y^z
w4<+E[
~.W{4g
+w4Li.
w)5Qcs
w5wEkYl
W6;99w
W( 6?h
w};8(WK
w^Ad<5
wb$k>aj
WB@Nig
{w?%$cH
w;e&adP
Wednesday
%wFC*&&
wFC|d(4
W>>_f P
W``^_h
whk	OH	
WideCharToMultiByte
wI"IP|
]wJ2:==F
w,j4/Y09
?W,j.oT
#W,KJml
W__[kM~
wl^H2Q
w!-!m%
Wm**um$
wnFe"r
"W>[Nx
#	 w/P
WqhA$2
WQx*?l
$WRB |
WriteFile
W|$@Ro
w?&#s1aS
WS2_32.dll
wS,5=78d
-WS"8@
W:SG:(4(0
wTLb79
w?>uMJ
W>=V"K
wWD*OiC
WwF01wb 
wWJt#ARR
Wx.)?=8x
W	'YSdAQl$>
#|%x_.
;]X\/}
:,)=<X 
x1.&6D
X1:oK}
X}}.2j
X2lNd7
X3N<P!
x4crrw-:T
\%'>*x6
X\6	Jg
X6	v5"_
X!7,,	
x?7.3=
$x7Hf8
=x|7,x
(*x89$0
X8afz(
X9Z,G'vnS[
x!AP(U
x	bdY@T8$
x.*^bq
X~"\cC
x	CIK6-
Xcx?ol
xD}80"
|\|xe}
<x))eL
XeZc0#
_x%$F[
:%+xG/
x|}(G'4x
(}xGzD
@\xH!{
Xi}}}|
\xIk'g
|x!J6l
]X!JxP
X_k_PfU
XKrjk,x;o
~xK<^t
&XkZhN
%/xl ^
#xl+71
xm_ml|U
xm-O2N
XmqJx,&
"x)_"n
xN?xGL6d
xoHMdC
X`Oj(s
Xoo"-<t|
x!PUyx
x)R55xt
x|t('	
*x>	+T%
X.T>oK
xuU(rf
',:xVdZ
XviD0050
/xv<_lm
x-=vm$
xwiv5,
&x~]x?
>Xx &s
X"/YoT&
xy#?Wc
x< z$	
xz G/;
}XzY)C
y00dcf
(y&!#0]5J
Y^]0u4
~y1G&:y2
y!20Z B
y[2gZo
#y2`S/
^y2.]z
Y4<)#T
Y\&+6.|
Y}">68
y6"'qs<
_Y6)U1W
Y|7G O*
y87@uDA
y8HD8s43UZ
Y"BcGDN
Yb%kZ[5
'y C!uF "
yDn_c>
{%y%}e&
y]&f\6y
Yf/mp:Ae
yF(`V$
@Y~FX!
)y#="g
<Y%&>`G{/
^YGHJ	*
YgmP7H
[]Y	gyM
:yhFeI
yhT'}=
yip2U]
y ju	"R
Y-l>,HN	)
y$M(e	
yMjXbMb
&y[n>`
Y{%'<&o
yOT~[w
yOY#ox
>%yQyu
@.yrdata
Y\RWm+
$ySc}mN
YsKM^3
>=Yt1j
Yt.UYt
Y|U4d5
yunljda
Yu,rDdW
&yU&/Y
yuy><N
"]=y=X
yxsC85
yY\6MQ
Y$+YNV
.=yyqp
y[yZQ3-K
y`*ZfR
y	zU$K
{z==&<
z}}}}~&>
 ^=Z!01wbh
Z*0E<Y
z1CaD71Ca
z2#2oI
z2	]VT
Z4\i/!X
/"Z4uh
[z4@w@
Z5b%<o
z5gK~U
z7Z1($
^! \Z8>
Z8+p8@
_{z91K
Z[9! H
z9LDQ"
$z9rR!
{z&	^A
$!Z<$)A
zA8AJ0%
Z $]a9
zAH]*:B
+z)aj-<L
[Z`{b;
Zb{^>/
(zB	!R
\ZBWY_
Z:::::-D
zD]~hF
"z?EL2
;/zfat
Z~fvvPv
Z*Fy53s
;z/G		
ZG)#&d9+
zGJS/:
Zj~Ja_
Z-"(JO
z}k5K)
ZMW-}}
z{na:_
ZNliiI
Z#Nmwf
Zn!!Q0
Zo|[DS
ZOrZ9JG
Zo,U1B
ZO&$vjg
.zOzri
`z"\S)
;Z+<t<
ZTk$q}
 [z,WW
zyxauay
,#[[ZZ
z{ZnG~?'xj
,zz(p`