Analysis Date: 2013-12-23 22:36:02
MD5: fff2fcdc0fd9189b7cc45b5dd5477975
SHA1: 8d6b8480ec556a317596ebb3f8af44e6fa475015

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: 22ced87f8cfbeec19f10ea768b9f5033 sha1: e33a3ba504177a8c4928979ab058706451849503 size: 153088
Section: .rdata md5: 9aea8072fe8459f1fb075382c5799ef0 sha1: 20175590c1ea24da7001c4407f973794ef0a54bb size: 20480
Section: .data md5: 5aafebbc10957e661762e0e7fadc057b sha1: e2c47723a666cfb80f6b690e2c546d4b2e1087fa size: 5120
Section: .rsrc md5: d5807dbb2d91e7d96a3af12bf420cba9 sha1: 2e0e90f84ea9f00d82184ffdb109270dcf749aa2 size: 17920
Timestamp: 2013-12-01 08:08:23
Pdb path: d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb
Version:
  LegalCopyright: td99709A13950
  FileVersion: nv90461Q10595
  CompanyName: na56221K67739
  ProductName: ho69950U41804
  ProductVersion: nv90461Q10595
  FileDescription: tj45594Q23532
Packer: Microsoft Visual C++ ?.?
PEhash: 5998727e65b8963dccb40f1f28af264e33add9e9
AV: avg: Autoit_c.WBT

Runtime Details:

Process
↳ C:\malware.exe

Creates File: HF.QPB
Creates File: javaingsloads.exe
Creates File: __tmp_rar_sfx_access_check_80218
Deletes File: __tmp_rar_sfx_access_check_80218
Creates Process: C:\Documents and Settings\Administrator\fq91855Q61425\javaingsloads.exe

Process
↳ C:\Documents and Settings\Administrator\fq91855Q61425\javaingsloads.exe

Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\xc80853N29246 ➝ C:\Documents and Settings\Administrator\fq91855Q61425\javaingsloads.exe\\x00
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\aut1.tmp
Creates File: C:\Documents and Settings\Administrator\tv98388W90075.AD4
Deletes File: C:\Documents and Settings\Administrator\tv98388W90075.AD4
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temp\aut1.tmp
Creates Process: C:\Documents and Settings\Administrator\FQ9185~1\JAVAIN~1.EXE

Process
↳ C:\Documents and Settings\Administrator\FQ9185~1\JAVAIN~1.EXE

Creates Process: C:\WINDOWS\system32\drwtsn32 -p 1504 -e 148 -g

Process
↳ C:\WINDOWS\system32\drwtsn32 -p 1504 -e 148 -g

Network Details:


Strings