Analysis Date2013-11-09 22:13:56
MD5a4317e110e12284c8eababb3589aa885
SHA1680d034b7bc8339c43196396cc0c1a378280010b

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: ac13562dc92218edf8646c5ff14807a1 sha1: ab9720bd0ac678a664df0749e7a8afdaa4c15290 size: 132096
Section.rdata md5: f1a5afb066321d336f91b675c4f29f89 sha1: 4b2dde0a928acee43c8db44c0fe245b70b626748 size: 22528
Section.data md5: eb75191558d689dd79aa9274623ca8af sha1: 59fe614b1e999f2238635c176222a6ea9522bfb7 size: 5632
Section.rsrc md5: 5b7dabd5bce1bc7be5b01bff6e4a643f sha1: e6fda1819664ab67633bf97b6b95f22f000e4d33 size: 224768
Section.reloc md5: 8c618cf6921801c9669906784a92014b sha1: b63aaa2c2fd72f57e0bb5c991f356a591e042afc size: 8192
Timestamp2013-10-26 06:32:50
PackerMicrosoft Visual C++ ?.?
PEhash8b22f99916feccfd8400c6d3d275dd66b56ea4b1
AVavgWin32/DH{AGcPNQEgIiM}
AVaviraTR/GupBoot.B.917
AVmcafeeRDN/Generic.dx!csn

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run ➝
C:\WINDOWS\system32\suapr.exe\\x00
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\golfinfo.ini
Creates FileC:\WINDOWS\system32\suapr.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\_uinsey.bat
Creates ProcessC:\WINDOWS\system32\suapr.exe

Process
↳ C:\WINDOWS\system32\cmd.exe

Process
↳ C:\WINDOWS\system32\suapr.exe

RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\TrayKey ➝
fepud\\x00
Creates File\Device\Afd\Endpoint
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\fepud.exe
Creates ProcessC:\Documents and Settings\Administrator\Local Settings\Temp\fepud.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\fepud.exe

Creates FileC:\WINDOWS\system32\suapr.exe
Deletes FileC:\WINDOWS\system32\suapr.exe

Network Details:

Flows TCP192.168.1.1:1031 ➝ 218.54.31.226:11120
Flows TCP192.168.1.1:1032 ➝ 1.234.83.146:11180
Flows TCP192.168.1.1:1033 ➝ 218.54.30.235:11120

Raw Pcap
0x00000000 (00000)   0b024153 31303146 f4fffdff ffffffff   ..AS101F........
0x00000010 (00016)   ffffffff ff94fdff feffffff ffffffff   ................
0x00000020 (00032)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000030 (00048)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000040 (00064)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000050 (00080)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000060 (00096)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000070 (00112)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000080 (00128)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000090 (00144)   ffffffff ffffffff ffffffff ffffffff   ................
0x000000a0 (00160)   ffffffff ffffffff ffffffff ffffffff   ................
0x000000b0 (00176)   ffffffff ffffffff ffffffff ffffffff   ................
0x000000c0 (00192)   ffffffff ffffffff ffffffff ffffffff   ................
0x000000d0 (00208)   ffffffff ffffffff ffffffff ffffffff   ................
0x000000e0 (00224)   ffffffff ffffffff ffffffff ffffffff   ................
0x000000f0 (00240)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000100 (00256)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000110 (00272)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000120 (00288)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000130 (00304)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000140 (00320)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000150 (00336)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000160 (00352)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000170 (00368)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000180 (00384)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000190 (00400)   ffffffff ffffffff ffffffff ffffffff   ................
0x000001a0 (00416)   ffffffff ffffffff ffffffff ffffffff   ................
0x000001b0 (00432)   ffffffff ffffffff ffffffff ffffffff   ................
0x000001c0 (00448)   ffffffff ffffffff ffffffff ffffffff   ................
0x000001d0 (00464)   ffffffff ffffffff ffffffff ffffffff   ................
0x000001e0 (00480)   ffffffff ffffffff ffffffff ffffffff   ................
0x000001f0 (00496)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000200 (00512)   ffffffff ffffffff ffffffff ff         .............

0x00000000 (00000)   0b024153 31303146 f4fffdff ffffffff   ..AS101F........
0x00000010 (00016)   ffffffff ff94fdff feffffff ffffffff   ................
0x00000020 (00032)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000030 (00048)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000040 (00064)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000050 (00080)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000060 (00096)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000070 (00112)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000080 (00128)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000090 (00144)   ffffffff ffffffff ffffffff ffffffff   ................
0x000000a0 (00160)   ffffffff ffffffff ffffffff ffffffff   ................
0x000000b0 (00176)   ffffffff ffffffff ffffffff ffffffff   ................
0x000000c0 (00192)   ffffffff ffffffff ffffffff ffffffff   ................
0x000000d0 (00208)   ffffffff ffffffff ffffffff ffffffff   ................
0x000000e0 (00224)   ffffffff ffffffff ffffffff ffffffff   ................
0x000000f0 (00240)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000100 (00256)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000110 (00272)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000120 (00288)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000130 (00304)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000140 (00320)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000150 (00336)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000160 (00352)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000170 (00368)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000180 (00384)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000190 (00400)   ffffffff ffffffff ffffffff ffffffff   ................
0x000001a0 (00416)   ffffffff ffffffff ffffffff ffffffff   ................
0x000001b0 (00432)   ffffffff ffffffff ffffffff ffffffff   ................
0x000001c0 (00448)   ffffffff ffffffff ffffffff ffffffff   ................
0x000001d0 (00464)   ffffffff ffffffff ffffffff ffffffff   ................
0x000001e0 (00480)   ffffffff ffffffff ffffffff ffffffff   ................
0x000001f0 (00496)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000200 (00512)   ffffffff ffffffff ffffffff ff         .............

0x00000000 (00000)   0b024153 31303146 f4fffdff ffffffff   ..AS101F........
0x00000010 (00016)   ffffffff ff94fdff feffffff ffffffff   ................
0x00000020 (00032)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000030 (00048)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000040 (00064)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000050 (00080)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000060 (00096)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000070 (00112)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000080 (00128)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000090 (00144)   ffffffff ffffffff ffffffff ffffffff   ................
0x000000a0 (00160)   ffffffff ffffffff ffffffff ffffffff   ................
0x000000b0 (00176)   ffffffff ffffffff ffffffff ffffffff   ................
0x000000c0 (00192)   ffffffff ffffffff ffffffff ffffffff   ................
0x000000d0 (00208)   ffffffff ffffffff ffffffff ffffffff   ................
0x000000e0 (00224)   ffffffff ffffffff ffffffff ffffffff   ................
0x000000f0 (00240)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000100 (00256)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000110 (00272)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000120 (00288)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000130 (00304)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000140 (00320)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000150 (00336)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000160 (00352)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000170 (00368)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000180 (00384)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000190 (00400)   ffffffff ffffffff ffffffff ffffffff   ................
0x000001a0 (00416)   ffffffff ffffffff ffffffff ffffffff   ................
0x000001b0 (00432)   ffffffff ffffffff ffffffff ffffffff   ................
0x000001c0 (00448)   ffffffff ffffffff ffffffff ffffffff   ................
0x000001d0 (00464)   ffffffff ffffffff ffffffff ffffffff   ................
0x000001e0 (00480)   ffffffff ffffffff ffffffff ffffffff   ................
0x000001f0 (00496)   ffffffff ffffffff ffffffff ffffffff   ................
0x00000200 (00512)   ffffffff ffffffff ffffffff ff         .............


Strings
/../
/..\
\../
\..\
218.54.30.235
218.54.31.165
218.54.31.226
AAAA
Caller: additions to the zip have already been ended
Caller: can only get memory of a memory zipfile
Caller: faulty arguments
Caller: mixing creation and opening of zip
Caller: not enough space allocated for memory zipfile
Caller: the file had already been partially unzipped
Caller: there was a previous error
Correct password required
Couldn't create/open file
Culdn't duplicate handle
 : %d
DBG : 
%d.%d.%d.%d
<Embed File Info>
Error reading file
Error writing to file
.exe
Failed to allocate memory
File not found in the zipfile
file size %d
golfinfo.ini
golfset.ini
                                 H
         (((((                  H
HGDraw.dll
         h((((                  H
IDR_BINARY
jjjh
jjjjjj
KERNEL32.DLL
MENU
mscoree.dll
(null)
OurPro
\\.\PHYSICALDRIVE
ReadImageCode : 
ReadImageCodeEx failed
\\.\%s
Software\Microsoft\Windows NT\CurrentVersion\Windows
%s%s
%s%s.exe
%s%s%s
Still more data to unzip
_STOP
Success
tmp8%X.exe
TrayKey
UNICODE
UnKmownOS
unknown zip result code
UTF-16LE
UTF-8
Win2003
Win2K
WinCls
WinSeven
WinVista
WinXP
yafu
Zip-bug: an internal error during flation
Zip-bug: internal initialisation not completed
Zip-bug: the anticipated size turned out wrong
Zip-bug: tried to change mind, but not allowed
Zip-bug: trying to seek the unseekable
Zipfile is corrupt or not a zipfile
<!<%<)<
<.<?<{<
> ?-?@?
                          
; ;<;@;`;
0#0^0}0
010=0I1.2D2
010B0g0
0&1/1@1M1X1
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
0.1'2p2
0/1S1X1q1
= =$=(=,=0=4=8=<=@=D=H=L=P=
> >$>(>,>0>4>8><>@>D>H>L>P>T>X>\>`>d>h>l>p>t>x>|>
; ;$;(;,;0;4;8;<;@;D;H;L;P;T;X;\;`;d;h;l;p;t;x;|;
<$<0<8<h<p<t<
0A@@Ju
0C0L0X0
0D1Q1b1k1|1
0I3i3-6
< =0=@=P=`=
!0Q0c0
0R0^1e1
0'	R"8S
0SSSSS
;0<U<i<{<
0WWWWW
0xZ.N&
1*101S1Z1s1
1 1%131
-1.1.3
1&1J1S1Z1c1
1%1L1R1]1i1~1
1.234.83.146
1?2T2u2
133.242.129.155
1b8a3zlR&
1BJBf3
;%;,;1;>;E;K;R;Y;
1||;|G+~
:1"GJy
1?nZF{L
1nZn0DW
1P5T5X5
1pIknQ}
1#QNAN
1#SNAN
1S$ZO L1
218.54.31.226
2 2,202P2T2X2\2`2
2 2&232=2D2\2k2r2
2-2_3q3v3
2-2E2W2{2
2?2M2V2
?"?2?G?
2ib+_`
2J0n*~M
2li^Vw
{2N5$W
2V!x"$!(F
3?.2B~Rl
3!3(3,3034383<3@3D3
3#3M3S3o3
3?3q3y3
3(4,40444
3'4J4T4
3?5Sm)
3At6'95
%3c|5J
3Fio[O
3J4n4x>
3	LY;I
3s4y4~4
|3SNG@q
4,43484<4@4a4
4+4=4}4
4*5054585<5
:4:8:X:x:
^4BC-7
4B'.RQ
>&>->4><>D>L>X>a>f>l>v>
(4fG*/
4s Z ,
{,4vE%J
4vUwQL
5(2_eg
5{3d@]VX
5#505;5M5`5k5q5w5|5
5$525;5E5y5
5 5'5-555<5A5I5R5^5c5h5n5r5x5}5
5$5(5<5@5P5T5d5h5p5
5*5a5k5N6n6s6K7
5(646X6u6
5(6H6h6p6x6
5!6H6l6
5(7^XP
(5a/C.E
5i43S6
5;lAKE
63[4]5mm]5\]m]mm5\mm5555555\\\5\\\5m\55\\5ed:
6+616M6
6$6-6D6d6w6
6(6.6H6Y6_6p6
6#6+6z6
6)7;7y7~7
6ae'F$
:+;6;a;l;z;
6CrW%@
6H7U9g9y9
;+;6;H;w;
6j7en\:
6JQi]i
*^6Kd\
>">(>6>?>N>S>]>k>
6r+GHYk
>;6v>8Kt y
6V"EGf/
':7@2K*:_x
7^4Q]g[k
7$7,747<7D7L7T7\7d7l7t7|7
787X7t7x7
7<8H8[8m8
{7fO:;
?&?7?]?g?
7-Ig%2
7IQkF	
7)#j}5\
?7q'i.
808P8p8|8
85EJ9I
86GucQ
8 8+8B8g8~839\:7;@;U;
8=8X8f8n8{8
8d.d`E
8Dl:UD
$8iA|y
8	K1} 
"8lR<?E
8MSMPt
8OKTmZ
;8<=<O<m<
8%$`q76
8Q9^9z9
8SS{N(
8VVVVV
8}x1VB*R
8yKKs.
979`9q9
989X9x9
9#909G9c9o9
9]9c9o9
9;9M9[9p9z9
9!:^:h:
9/:H:O:W:\:`:d:
A0;B4tY
A0;B(t7
A4K_O#j0v
a-5-:?w
AAFFf;
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
ADVAPI32.dll
 @{a-f
Agent.exe:*P
Agent.exePK
;A;G;O;\;p;
ahFe44B
,AluFl
<AMOK`
An application has made an attempt to load the C runtime library incorrectly.
AP;BTt
&/aPC=
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
August
.?AVbad_alloc@std@@
.?AVbad_exception@std@@
.?AVexception@std@@
.?AVtype_info@@
b2Q^(3
bad allocation
bad exception
 Base Class Array'
 Base Class Descriptor at (
__based(
BeginPaint
=b>h>]?|?
=.>B>h>
bj"gj6pL
>)?B?k?p?
[b;'*P2U
buffer error
BU,t].&
BW0iJj;[
bY!7hk}h
CCh\IC/
__cdecl
Cfa-H%
 Class Hierarchy Descriptor'
CloseHandle
.c|#LR
__clrcall
ClV|&&
 Complete Object Locator'
CONOUT$
`copy constructor closure'
CorExitProcess
cOXY/P.Z0.0.QR00/ZPP0000000/0PPZR.BI@/DE0,
Cq5h[x
CqGOb_
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileW
CreateThread
CreateWindowExW
- CRT not initialized
{cSE];A
Cs{wJ2?
c#^W!kM?
@.data
data error
DBG : 
D'Cp H
%d.%d.%d.%d
dddd, MMMM dd, yyyy
DD:s%b
December
DecodePointer
`default constructor closure'
DefWindowProcW
 delete
 delete[]
DeleteCriticalSection
DeleteFileW
del "%s"
DeviceIoControl
!DEY{`/
:>;D;H;L;P;
Dj!^J0
DjW.ste
%d\o[*
DOMAIN error
 /_dV<
d%vi%%
D~y)At@
`dynamic atexit destructor for '
`dynamic initializer for '
<*<;<E<
E'5UG"|
[& e^:c_M
eFO"~Px
eg!g|B
`eh vector constructor iterator'
`eh vector copy constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`eh vector vbase copy constructor iterator'
+eKa1%OQ!
<Embed File Info>
empty distance tree with lengths
EncodePointer
EndPaint
EnterCriticalSection
E)Rn1,H
[]E|SB
E_u#?!*
eV!2iil
E>V%eE
ExitProcess
f07^N(uB5
!	[fA0
__fastcall
>#>)>->F>b>~>
)FbDgQ`
February
FF"FKD
FFN"+q
file error
FindResourceW
? ?F?i?v?
FjqS.'
%)%f_K
- floating point support not loaded
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
f~mTeTG
FoaOug]#
fq{YTB
FreeEnvironmentStringsW
FreeResource
Friday
fs&[;u
#F\wm9
fWoK!O&
Fwx8%5
f		?yP&
fZb_:6,
/G6$}H
GAIsProcessorFeaturePresent
GclsNZ
GetACP
GetActiveWindow
GetAdaptersInfo
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetCPInfo
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetFileAttributesW
GetFileSizeEx
GetFileType
GetLastActivePopup
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessWindowStation
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetTickCount
GetUserObjectInformationA
GetVersionExW
g:gf{j@
:g{gse
G[I_Ue
g/K]D>{j
<"<g<l<s<x<
>%?/?;?G?W?
(GXQwT
@GZj-!
`h````
#H<8I#
HcKXsSV
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
He&(e}
H{|few
h(fZHD
`h`hhh
HH:mm:ss
HHtYHHt
HiMV0"
;#h\&-'o
HRbj%f
h}\{TJZe
.HwSh4
|{I0lV
I3')+*+)))*))()*+++,6J!54 CBA
i,CJ#k
I/`!ew
if exist "%s" goto Repeat
%iLD:.}D
im+eqh
incompatible version
incomplete distance tree
incomplete dynamic bit lengths tree
incomplete literal/length tree
incorrect data check
incorrect header check
 inflate 1.1.3 Copyright 1995-1998 Mark Adler 
InitializeCriticalSectionAndSpinCount
in!Sp3
insufficient memory
InterlockedDecrement
InterlockedIncrement
invalid bit length repeat
invalid block type
invalid distance code
invalid literal/length code
invalid stored block lengths
invalid window size
IPHLPAPI.DLL
IsDebuggerPresent
isrBX$
IsValidCodePage
i.`^"{uq:
ixSZ}!7
I$y#]y
]iZ|]H
~IzV=/
J0;H(t7
J10)yt
J4;H,u
JanFebMarAprMayJunJulAugSepOctNovDec
January
$}#jbo
JEEEEEEEEEEFC
JEEEEEEEEEEFD
JEFEEEEEEEEEB
jfy}c0
.j;{Gq
JHHGGGGGGGGHI
j hHkB
j,hPlB
JJIIIIJIIIIJJ
j@j ^V
jM*#yD
.~j,^R
j"^SSSSS
.>_`=jV
jXh`gB
jYPQTVTSkllZTTXRTUiHceWda/
`k[~;:
%^[k5_
K^5n`g
ka+E>F
k>bhdb/6YtF
\^>kbY
Ke~j'p
KERNEL32
KERNEL32.dll
^kk=-v
K_"o$HM
&<%K PPR
;'k&Tc
kTCD!'93!
Kz%	K;
| 	{{L
l8mUxeJ
LCMapStringA
LCMapStringW
l$%DBC
LeaveCriticalSection
LEXjna0
"%L+L'
LoadCursorW
LoadIconW
LoadLibraryA
LoadResource
LocalFileTimeToFileTime
`local static guard'
`local static thread guard'
`local vftable'
`local vftable constructor closure'
LockResource
;L@ sj
<Lt wRp'
LU|r4RY
#l	v$`
lVh/.o
L^WK@j
lwkJh\$
lx[9_y
`managed vector constructor iterator'
`managed vector copy constructor iterator'
`managed vector destructor iterator'
MB5na5
Mb@dyV
MessageBoxA
mGJu7O
MhCi9-
#mh!,>`j2
Microsoft Visual C++ Runtime Library
Mi:seL
M|j7/S
mK_T0Y
MM/dd/yy
Mo5DdB	
Monday
MOsnvoL
<;<m<t<x<|<
MultiByteToWideChar
:M:W:`:f:v:}:
=(=^=n=
*[n|`,
n2Ar}F
N5j@np
need dictionary
n%eF|?
 new[]
nGN#%m
n]M:r p
>n\Nb8
- not enough space for arguments
- not enough space for environment
- not enough space for locale information
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
(null)
(-NVGZ
Nw~ytMMMMMMUbbrrrrrxxxxxxxxrriUMMMMMMMMMUuzt
n>X2b=
n,ZQSFB
-o%14e<O1^
)O6530./21+*-,4#4PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP
O(@>=77A779?<8;$O' 
o`a%A 
;oc(5*
oc%&NU
October
;}=O>j?
 O.J|0vM
O%JEEEEEEEEEFFB
`omni callsig'
o?n5s/
<?<O<p<
oP'0Uj
OpenEventW
operator
oRdUSh
O^Sgg0
=oupI!
]O<uWR
oversubscribed distance tree
oversubscribed dynamic bit lengths tree
oversubscribed literal/length tree
P0;Q(t7
;_=)p\3
P4+kGu
P5`J{bb
PA<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
__pascal
Pa,<wIH
pB-3zBX
_.PFsf
pf|UMI#
P,hGY!
P"H]p^G
`placement delete closure'
`placement delete[] closure'
Please contact the application's support team for more information.
pnD9Kc
pN&ozG
PostQuitMessage
PPPPPPPP
PPPPPPPPPPPPPPPPPKMNNNNNNNNNNOLO
Program: 
<program name unknown>
__ptr64
- pure virtual function call
pWljDj
pwwwwwwww
pwwwwwwwwwwwwwwwp
pxDDDDDDDDD@
pxDDDDDDDDDDDDDDpx
pxDDDDDDDDDH
pxDDDDDDpx
pxwwwwwwpxDDD
pxwwwwwwwwwwwwwxpx
pyc8Or_
Q%3) m
#q423i
Q)7eI4QY
;Q<!?8?
Qd-u5p
Q!fu6}0
}q/k+H
}Q:^Kh
Qkkbal
}>qooggggggg1`_fhsnHK
QQSVWd
QQSVWh
QueryPerformanceCounter
}Qu(kU
>:_%R@
~;R-?3
RaiseException
	:r,b4Z
`.rdata
r)e6*p!
ReadFile
RegCloseKey
RegisterClassExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
@.reloc
:Repeat
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
      <requestedPrivileges>
__restrict
RF?.5/+_
rmdir "%s"
 rQUFQv
R^r!Q3
RtlUnwind
runtime error 
Runtime Error!
/ruuJ_
(R~V^t4
R[zi6^[
S9%d`LV
s)aBVc
*SA[k0$
Saturday
`scalar deleting destructor'
    </security>
    <security>
September
SetEndOfFile
SetFileAttributesW
SetFilePointer
SetFileTime
SetHandleCount
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
Sf]Uq[
:'SgaFZ
SH3` |
SHELL32.dll
ShellExecuteA
ShellExecuteW
SING error
SizeofResource
smA{B$?NC
s[S;7|G;w
^SSSSS
sT<6C/
__stdcall
stream end
stream error
`string'
Sunday
SunMonTueWedThuFriSat
SystemTimeToFileTime
SYvav$
SZk,ps
TerminateProcess
tGHt.Ht&
.	tGSu9
t!h(_B
t h(dB
t$hd"B
+t HHt
This application has requested the Runtime to terminate it in an unusual way.
__thiscall
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
!This program cannot be run in DOS mode.
Thursday
.Tk++EB
TkKic&Xu
[{tL}@
TLOSS error
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
tmd	JSP
Tnh1i[
too many length or distance symbols
tR99u2
  </trustInfo>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
Ts]!4(
t"SS9]
<+t(<-t$:
Tuesday
;t$,v-
TVc]]c
t+WWVPV
 Type Descriptor'
`typeof'
T .;|z]
u(>1Jk
;U;(=3=;=d=i=w=
u` 866
}-ub/K
ud:+"H
`udt returning'
ueoL'@uN
u,hPdB
u;hXdB
_uinsey.bat
u)jAXf;
_~U+N'
- unable to initialize heap
- unable to open console device
__unaligned
- unexpected heap error
- unexpected multithread lock error
UnhandledExceptionFilter
unknown compression method
Unknown exception
 unzip 0.15 Copyright 1998 Gilles Vollant 
u?O!v6
UQPXY]Y[
URPQQh
USER32.dll
USER32.DLL
UW&8sX
uy_`U2
uzA(R_
uzTWlU
V9]\\i_~
v9)UYf
`vbase destructor'
`vbtable'
<{v_>c
`vcall'
`vector constructor iterator'
`vector copy constructor iterator'
`vector deleting destructor'
`vector destructor iterator'
`vector vbase constructor iterator'
`vector vbase copy constructor iterator'
V&F	 dQ
`vftable'
VirtualAlloc
`virtual displacement map'
VirtualFree
_VK#N	
v_%`_l
VL{/A}I'
v:l%w^
V?[?M6C.
vma|(-
~V!nce3
v	N+D$
V$_!*o
V$PD3^T
?^VT*I
'\Vv"\
_VVVVV
w2@z{$
W('7v%
wd.SL`2
WdZi"a
(w-(ed
Wednesday
W( h(;5
WideCharToMultiByte
WkV21TSav^8{
{WM,fu
WriteConsoleA
WriteConsoleW
WriteFile
WS2_32.dll
wsprintfW
-wu,3`
w<vikv/<
ww#!n|
^WWWWW
wwwwwwwpx
wwwwwwwwwwwwwwwpx
wYuM?;CTp @
w,|(Z.i
X~3pdD
x=8I"J
XbNW{C
X:\:`:d:h:l:p:t:x:|:
XeC-=blU
X,Gne*'
'XGNr"u
xh+	v"
xppwpp
xpxxxx
xSxEpA
,XWj`i
XXQbcn
Y3|bPT3
YanOK{
ye<wGOS
Yg?~&$D
$YiuCQc
yiV]	B
Y@!^	jl
y#J%/X
yQ+0T'_
*'Y=-S2
>=Yt1j
{|yvrrwsqpon
YYh8dB
)(*-'z
z\3|<i)
z3U^;-K~
z%4Z}F
z7'y/*
{ZCBFpQi
<Z<e<o<
zGh1%x
ZT\q=V
zV*gu'
&zXjhL
}zy|yx~