Analysis Date: 2015-01-08 18:01:42
MD5: 7882735cb4ba3076864107d57b621e55
SHA1: a0278d27262c32eb74e03dd4f7bbb6c6a438ecdb

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text, md5: 92abffc6a56a40e47e60620bc02b652e, sha1: 0f0b7a0a768d917abd5efc4f25cc3abda79b7875, size: 152064
Section: .rdata, md5: 3bc937cdae1248917ecca2bfbd21ec86, sha1: c6b7a3c9f96fa55979b14e31935e9642a6c0a983, size: 20480
Section: .data, md5: ec6b38244c52a1c8d4b504f9e1522d10, sha1: 96f534dc6432a17253a01e55f4fac61788a4ffe9, size: 5120
Section: .rsrc, md5: 01d671cd1098d4c72cb2a23038c22470, sha1: ffd2deb5577d5ea447d59996591abc5da76be916, size: 16896
Timestamp: 2013-08-22 13:00:50
Pdb path: d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb
Packer: Microsoft Visual C++ ?.?
PEhash: 83693f921ea542d848811b0f6303cf82e4774819
IMPhash: 3eaa732d4dae53340f9646bdd85dac41
AV 360 Safe: no_virus
AV Ad-Aware: Trojan.GenericKD.1928124
AV Alwil (avast): Agent-ALQ [Trj]:Agent-AUJY [Trj]
AV Arcabit (arcavir): Trojan.GenericKD.1928124
AV Authentium: W32/Trojan.RKCS-0596
AV Avira (antivir): TR/Agent.952652
AV BullGuard: Trojan.GenericKD.1928124
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): Backdoor.DarkKomet.r4
AV ClamAV: no_virus
AV Dr. Web: no_virus
AV Emsisoft: Trojan.GenericKD.1928124
AV Eset (nod32): Generik.MVOAOGS
AV Fortinet: W32/DarkKomet.DQGC!tr.bdr
AV Frisk (f-prot): W32/Trojan5.KQW
AV F-Secure: Trojan.GenericKD.1928124
AV Grisoft (avg): no_virus
AV Ikarus: Trojan.Win32.Inject:Trojan.Autoit
AV K7: Error Scanning File
AV Kaspersky: Backdoor.Win32.DarkKomet.dqgc
AV MalwareBytes: Trojan.Dropper.SFXAI
AV Mcafee: RDN/Generic BackDoor!b2a
AV Microsoft Security Essentials: no_virus
AV MicroWorld (escan): Trojan.GenericKD.1928124
AV Rising: 0x578325f3
AV Sophos: Mal/MalitRar-A
AV Symantec: no_virus
AV Trend Micro: TROJ_SCAR.BMC
AV VirusBlokAda (vba32): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates File: hlsii.vbi
Creates File: eifrj.wxb
Creates File: bomtd.was
Creates File: uuqws.sib
Creates File: entkn.muj
Creates File: wedic.jmu
Creates File: __tmp_rar_sfx_access_check_74812
Creates File: qrwkd.teh
Creates File: rdcup.kbl
Creates File: gsmix.jlg
Creates File: qrmtw.hqp
Creates File: ejqva.ged
Creates File: YMQGIX
Creates File: gmvod.sfd
Creates File: pgmep.ece
Creates File: vfusw.nrb
Creates File: utqdr.dch
Creates File: aqwkq.nnt
Creates File: ltpdm.vlh
Creates File: alujs.fln
Creates File: cpdvo
Creates File: rsxkx.vlk
Creates File: albdc.jca
Creates File: mmhnw.pkt
Creates File: chfah.bqt
Creates File: envuk.tpx
Creates File: ddngr.anh
Creates File: rvjxa.bat
Deletes File: __tmp_rar_sfx_access_check_74812
Creates Process: C:\Documents and Settings\Administrator\Application Data\sfbrb\rvjxa.bat rsxkx.vlk
Creates Process: C:\Documents and Settings\Administrator\Application Data\sfbrb\rvjxa.bat rsxkx.vlk

Process
↳ C:\Documents and Settings\Administrator\Application Data\sfbrb\rvjxa.bat rsxkx.vlk

Creates File: C:\Documents and Settings\Administrator\Application Data\sfbrb\ZJMWP
Creates Process: C:\Documents and Settings\Administrator\Application Data\sfbrb\rvjxa.bat C:\Documents and Settings\Administrator\Application Data\sfbrb\ZJMWP

Process
↳ C:\Documents and Settings\Administrator\Application Data\sfbrb\rvjxa.bat C:\Documents and Settings\Administrator\Application Data\sfbrb\ZJMWP

Creates Process: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

Process
↳ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

Network Details:



Strings