Analysis Date | 2014-12-03 06:52:19 |
---|---|
MD5 | 20bcbec884b03dc1a690e27f20090c71 |
SHA1 | a78d592e4f006b7ef4fe98a9787a516cbf5de22a |
Static Details:
File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | |
---|---|---|
Section | .text md5: 86545ce5ca75d7e4dcf363015c199283 sha1: cda6553c89dc1bc24d72b2aaa0ece4da2a40021f size: 158208 | |
Section | .rdata md5: df525fbfab9c526fad0fbe0025155602 sha1: 318df8d4c2cf1223b4bafc97b7cdc92650f3d68b size: 7680 | |
Section | .data md5: c09bf44b072678e62bd78e5b20489cb8 sha1: 45d8724e9c2de16e85aff4da7b6be14231d58805 size: 3584 | |
Section | .rsrc md5: 88c88892e37f4916ac350085eba32dc9 sha1: 6f812df6a71df22d9135a47754dd2307eb9c7ecc size: 301568 | |
Timestamp | 2012-10-18 11:34:07 | |
Packer | Microsoft Visual C++ ?.? | |
PEhash | a66d95d9cbdd82d1cc662d4c777e38c555ee3b19 | |
IMPhash | 2aeec6ce5d40ec8b3bd612e86cb0d990 | |
AV | 360 Safe | Gen:Variant.Symmi.7206 |
AV | Ad-Aware | Gen:Variant.Symmi.7206 |
AV | Alwil (avast) | Trojan-gen:Win32:Trojan-gen |
AV | Arcabit (arcavir) | no_virus |
AV | Authentium | W32/Cidox.A.gen!Eldorado |
AV | Avira (antivir) | TR/Vundo.Gen7 |
AV | BullGuard | Gen:Variant.Symmi.7206 |
AV | CA (E-Trust Ino) | Win32/Vundo.N!generic |
AV | CAT (quickheal) | no_virus |
AV | ClamAV | no_virus |
AV | Dr. Web | Trojan.Mayachok.17986 |
AV | Emsisoft | Gen:Variant.Symmi.7206 |
AV | Eset (nod32) | Win32/Citirevo.AD |
AV | Fortinet | W32/Cidox.AND!tr |
AV | Frisk (f-prot) | W32/Cidox.A.gen!Eldorado |
AV | F-Secure | Gen:Variant.Symmi.7206 |
AV | Grisoft (avg) | Win32/Cryptor |
AV | Ikarus | Trojan-Downloader.Win32.Vundo |
AV | K7 | Riskware ( 0015e4f01 ) |
AV | Kaspersky | Trojan.Win32.Generic |
AV | MalwareBytes | Backdoor.Cidox |
AV | Mcafee | no_virus |
AV | Microsoft Security Essentials | TrojanDropper:Win32/Vundo.V |
AV | MicroWorld (escan) | Gen:Variant.Symmi.7206 |
AV | Norman | Gen:Variant.Symmi.7206 |
AV | Rising | no_virus |
AV | Sophos | no_virus |
AV | Symantec | no_virus |
AV | Trend Micro | no_virus |
AV | VirusBlokAda (vba32) | Trojan.Cidox.51105 |
Runtime Details:
Screenshot | ![]() |
---|
Process
↳ C:\malware.exe
Creates File | C:\Documents and Settings\Administrator\My Documents\Iterra\0105.tmp |
---|---|
Creates File | C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BSDHA97U\desktop.ini |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IIQ3LGTM\desktop.ini |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\desktop.ini |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\658HSJSD\desktop.ini |
Deletes File | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D4Z32ED8\desktop.ini |
Deletes File | C:\Documents and Settings\Administrator\Cookies\index.dat |
Process
↳ C:\WINDOWS\Explorer.EXE
Creates File | \Device\Afd\Endpoint |
---|---|
Creates File | C:\WINDOWS\system32\fjzhzyd.dll |
Creates File | C:\Documents and Settings\Administrator\Cookies\cf |
Deletes File | C:\Documents and Settings\Administrator\My Documents\Iterra\0105.tmp |
Deletes File | C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg |
Creates Process | C:\WINDOWS\regedit.exe /s C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg |
Winsock DNS | clickbeta.ru |
Winsock DNS | 91.220.35.154 |
Winsock DNS | veroconma.com |
Winsock DNS | terrans.su |
Winsock DNS | getinball.com |
Winsock DNS | theloamva.com |
Winsock DNS | tryatdns.com |
Winsock DNS | clickclans.ru |
Winsock DNS | dentagod.com |
Winsock DNS | denareclick.com |
Winsock DNS | debijonda.com |
Winsock DNS | fescheck.com |
Winsock DNS | liteworns.com |
Winsock DNS | getintsu.com |
Winsock DNS | nshouse1.com |
Winsock DNS | vengibit.com |
Winsock DNS | tryangets.com |
Winsock DNS | netrovad.com |
Winsock DNS | vornedix.com |
Winsock DNS | inzavora.com |
Winsock DNS | getavodes.com |
Winsock DNS | clickstano.com |
Process
↳ C:\WINDOWS\regedit.exe /s C:\Documents and Settings\Administrator\My Documents\Iterra\T03emp03.reg
Registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs ➝ C:\WINDOWS\system32\fjzhzyd.dll\\x00 |
---|
Network Details:
DNS | debijonda.com Type: A 141.8.225.80 |
---|---|
DNS | veroconma.com Type: A 74.117.179.241 |
DNS | theloamva.com Type: A 141.8.225.80 |
DNS | vornedix.com Type: A 141.8.225.80 |
DNS | dentagod.com Type: A 141.8.225.80 |
DNS | liteworns.com Type: A 141.8.225.80 |
DNS | vengibit.com Type: A 141.8.225.80 |
DNS | tryangets.com Type: A 141.8.225.80 |
DNS | getintsu.com Type: A 141.8.225.80 |
DNS | getavodes.com Type: A 209.222.14.3 |
DNS | tryatdns.com Type: A 209.222.14.3 |
DNS | fescheck.com Type: A 109.234.109.76 |
DNS | inzavora.com Type: A 141.8.225.80 |
DNS | getinball.com Type: A |
DNS | netrovad.com Type: A |
DNS | terrans.su Type: A |
DNS | clickstano.com Type: A |
DNS | denareclick.com Type: A |
DNS | clickbeta.ru Type: A |
DNS | nshouse1.com Type: A |
DNS | clickclans.ru Type: A |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3683&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2Th6cYyx6E+fF6qQ684jGCzWXOZ7FMT2XUhlcslvKJU User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3683&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2Th6cYyx6E+fF6qQ684jGCzWXOZ7FMT2QoBwbtW5V8r User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3683&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2Th6cYyx6E+fF6qQ684jGCzWXOZ7FMT2QoBwbtW5V8r User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3683&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2Th6cYyx6E+fF6qQ684jGCzWXOZ7FMT2VBgbPIZgIMO User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3683&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2Th6cYyx6E+fF6qQ684jGCzWXOZ7FMT2VBgbPIZgIMO User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3683&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2Th6cYyx6E+fF6qQ684jGCzWXOZ7FMT2asP3ogWtnv2 User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3683&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2Th6cYyx6E+fF6qQ684jGCzWXOZ7FMT2XGFssghYXvT User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3683&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2Th6cYyx6E+fF6qQ684jGCzWXOZ7FMT2XGFssghYXvT User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3683&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2Th6cYyx6E+fF6qQ684jGCzWXOZ7FMT2XGFssghYXvT User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3683&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2Th6cYyx6E+fF6qQ684jGCzWXOZ7FMT2fyn/8nh8aWO User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3683&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2Th6cYyx6E+fF6qQ684jGCzWXOZ7FMT2Q3hsPJwjDWJ User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3683&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2Th6cYyx6E+fF6qQ684jGCzWXOZ7FMT2dtfNJWfOUgU User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3683&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2Th6cYyx6E+fF6qQ684jGCzWXOZ7FMT2XGFssghYXvT User-Agent: |
HTTP GET | http://analystics.google.com/phpbb/get.php?id=C059900AEA75E06FXXXXXXXXXXXX0000&key=3683&av=0&vm=0&al=0&p=291&os=5.1.2600.3&z=458&hash=CvCnBjVj8IOM33A9LfOGdBknjy9aWzAJFE8Jx7rHtUT7vZ61zgWyg2Th6cYyx6E+fF6qQ684jGCzWXOZ7FMT2ZxPWycrlyn2 User-Agent: |
Flows TCP | 192.168.1.1:1031 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1032 ➝ 74.117.179.241:80 |
Flows TCP | 192.168.1.1:1033 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1034 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1035 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1036 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1037 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1038 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1039 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1040 ➝ 209.222.14.3:80 |
Flows TCP | 192.168.1.1:1041 ➝ 209.222.14.3:80 |
Flows TCP | 192.168.1.1:1042 ➝ 109.234.109.76:80 |
Flows TCP | 192.168.1.1:1043 ➝ 141.8.225.80:80 |
Flows TCP | 192.168.1.1:1044 ➝ 91.220.35.154:80 |
Raw Pcap
0x00000000 (00000) 47455420 2f706870 62622f67 65742e70 GET /phpbb/get.p 0x00000010 (00016) 68703f69 643d4330 35393930 30414541 hp?id=C059900AEA 0x00000020 (00032) 37354530 36465858 58585858 58585858 75E06FXXXXXXXXXX 0x00000030 (00048) 58583030 3030266b 65793d33 36383326 XX0000&key=3683& 0x00000040 (00064) 61763d30 26766d3d 3026616c 3d302670 av=0&vm=0&al=0&p 0x00000050 (00080) 3d323931 266f733d 352e312e 32363030 =291&os=5.1.2600 0x00000060 (00096) 2e33267a 3d343538 26686173 683d4376 .3&z=458&hash=Cv 0x00000070 (00112) 436e426a 566a3849 4f4d3333 41394c66 CnBjVj8IOM33A9Lf 0x00000080 (00128) 4f476442 6b6e6a79 3961577a 414a4645 OGdBknjy9aWzAJFE 0x00000090 (00144) 384a7837 72487455 5437765a 36317a67 8Jx7rHtUT7vZ61zg 0x000000a0 (00160) 57796732 54683663 59797836 452b6646 Wyg2Th6cYyx6E+fF 0x000000b0 (00176) 36715136 38346a47 437a5758 4f5a3746 6qQ684jGCzWXOZ7F 0x000000c0 (00192) 4d543258 55686c63 736c764b 4a552048 MT2XUhlcslvKJU H 0x000000d0 (00208) 5454502f 312e310d 0a486f73 743a2061 TTP/1.1..Host: a 0x000000e0 (00224) 6e616c79 73746963 732e676f 6f676c65 nalystics.google 0x000000f0 (00240) 2e636f6d 0d0a0d0a .com.... 0x00000000 (00000) 47455420 2f706870 62622f67 65742e70 GET /phpbb/get.p 0x00000010 (00016) 68703f69 643d4330 35393930 30414541 hp?id=C059900AEA 0x00000020 (00032) 37354530 36465858 58585858 58585858 75E06FXXXXXXXXXX 0x00000030 (00048) 58583030 3030266b 65793d33 36383326 XX0000&key=3683& 0x00000040 (00064) 61763d30 26766d3d 3026616c 3d302670 av=0&vm=0&al=0&p 0x00000050 (00080) 3d323931 266f733d 352e312e 32363030 =291&os=5.1.2600 0x00000060 (00096) 2e33267a 3d343538 26686173 683d4376 .3&z=458&hash=Cv 0x00000070 (00112) 436e426a 566a3849 4f4d3333 41394c66 CnBjVj8IOM33A9Lf 0x00000080 (00128) 4f476442 6b6e6a79 3961577a 414a4645 OGdBknjy9aWzAJFE 0x00000090 (00144) 384a7837 72487455 5437765a 36317a67 8Jx7rHtUT7vZ61zg 0x000000a0 (00160) 57796732 54683663 59797836 452b6646 Wyg2Th6cYyx6E+fF 0x000000b0 (00176) 36715136 38346a47 437a5758 4f5a3746 6qQ684jGCzWXOZ7F 0x000000c0 (00192) 4d543251 6f427762 74573556 38722048 MT2QoBwbtW5V8r H 0x000000d0 (00208) 5454502f 312e310d 0a486f73 743a2061 TTP/1.1..Host: a 0x000000e0 (00224) 6e616c79 73746963 732e676f 6f676c65 nalystics.google 0x000000f0 (00240) 2e636f6d 0d0a0d0a .com.... 0x00000000 (00000) 47455420 2f706870 62622f67 65742e70 GET /phpbb/get.p 0x00000010 (00016) 68703f69 643d4330 35393930 30414541 hp?id=C059900AEA 0x00000020 (00032) 37354530 36465858 58585858 58585858 75E06FXXXXXXXXXX 0x00000030 (00048) 58583030 3030266b 65793d33 36383326 XX0000&key=3683& 0x00000040 (00064) 61763d30 26766d3d 3026616c 3d302670 av=0&vm=0&al=0&p 0x00000050 (00080) 3d323931 266f733d 352e312e 32363030 =291&os=5.1.2600 0x00000060 (00096) 2e33267a 3d343538 26686173 683d4376 .3&z=458&hash=Cv 0x00000070 (00112) 436e426a 566a3849 4f4d3333 41394c66 CnBjVj8IOM33A9Lf 0x00000080 (00128) 4f476442 6b6e6a79 3961577a 414a4645 OGdBknjy9aWzAJFE 0x00000090 (00144) 384a7837 72487455 5437765a 36317a67 8Jx7rHtUT7vZ61zg 0x000000a0 (00160) 57796732 54683663 59797836 452b6646 Wyg2Th6cYyx6E+fF 0x000000b0 (00176) 36715136 38346a47 437a5758 4f5a3746 6qQ684jGCzWXOZ7F 0x000000c0 (00192) 4d543251 6f427762 74573556 38722048 MT2QoBwbtW5V8r H 0x000000d0 (00208) 5454502f 312e310d 0a486f73 743a2061 TTP/1.1..Host: a 0x000000e0 (00224) 6e616c79 73746963 732e676f 6f676c65 nalystics.google 0x000000f0 (00240) 2e636f6d 0d0a0d0a .com.... 0x00000000 (00000) 47455420 2f706870 62622f67 65742e70 GET /phpbb/get.p 0x00000010 (00016) 68703f69 643d4330 35393930 30414541 hp?id=C059900AEA 0x00000020 (00032) 37354530 36465858 58585858 58585858 75E06FXXXXXXXXXX 0x00000030 (00048) 58583030 3030266b 65793d33 36383326 XX0000&key=3683& 0x00000040 (00064) 61763d30 26766d3d 3026616c 3d302670 av=0&vm=0&al=0&p 0x00000050 (00080) 3d323931 266f733d 352e312e 32363030 =291&os=5.1.2600 0x00000060 (00096) 2e33267a 3d343538 26686173 683d4376 .3&z=458&hash=Cv 0x00000070 (00112) 436e426a 566a3849 4f4d3333 41394c66 CnBjVj8IOM33A9Lf 0x00000080 (00128) 4f476442 6b6e6a79 3961577a 414a4645 OGdBknjy9aWzAJFE 0x00000090 (00144) 384a7837 72487455 5437765a 36317a67 8Jx7rHtUT7vZ61zg 0x000000a0 (00160) 57796732 54683663 59797836 452b6646 Wyg2Th6cYyx6E+fF 0x000000b0 (00176) 36715136 38346a47 437a5758 4f5a3746 6qQ684jGCzWXOZ7F 0x000000c0 (00192) 4d543256 42676250 495a6749 4d4f2048 MT2VBgbPIZgIMO H 0x000000d0 (00208) 5454502f 312e310d 0a486f73 743a2061 TTP/1.1..Host: a 0x000000e0 (00224) 6e616c79 73746963 732e676f 6f676c65 nalystics.google 0x000000f0 (00240) 2e636f6d 0d0a0d0a .com.... 0x00000000 (00000) 47455420 2f706870 62622f67 65742e70 GET /phpbb/get.p 0x00000010 (00016) 68703f69 643d4330 35393930 30414541 hp?id=C059900AEA 0x00000020 (00032) 37354530 36465858 58585858 58585858 75E06FXXXXXXXXXX 0x00000030 (00048) 58583030 3030266b 65793d33 36383326 XX0000&key=3683& 0x00000040 (00064) 61763d30 26766d3d 3026616c 3d302670 av=0&vm=0&al=0&p 0x00000050 (00080) 3d323931 266f733d 352e312e 32363030 =291&os=5.1.2600 0x00000060 (00096) 2e33267a 3d343538 26686173 683d4376 .3&z=458&hash=Cv 0x00000070 (00112) 436e426a 566a3849 4f4d3333 41394c66 CnBjVj8IOM33A9Lf 0x00000080 (00128) 4f476442 6b6e6a79 3961577a 414a4645 OGdBknjy9aWzAJFE 0x00000090 (00144) 384a7837 72487455 5437765a 36317a67 8Jx7rHtUT7vZ61zg 0x000000a0 (00160) 57796732 54683663 59797836 452b6646 Wyg2Th6cYyx6E+fF 0x000000b0 (00176) 36715136 38346a47 437a5758 4f5a3746 6qQ684jGCzWXOZ7F 0x000000c0 (00192) 4d543256 42676250 495a6749 4d4f2048 MT2VBgbPIZgIMO H 0x000000d0 (00208) 5454502f 312e310d 0a486f73 743a2061 TTP/1.1..Host: a 0x000000e0 (00224) 6e616c79 73746963 732e676f 6f676c65 nalystics.google 0x000000f0 (00240) 2e636f6d 0d0a0d0a .com.... 0x00000000 (00000) 47455420 2f706870 62622f67 65742e70 GET /phpbb/get.p 0x00000010 (00016) 68703f69 643d4330 35393930 30414541 hp?id=C059900AEA 0x00000020 (00032) 37354530 36465858 58585858 58585858 75E06FXXXXXXXXXX 0x00000030 (00048) 58583030 3030266b 65793d33 36383326 XX0000&key=3683& 0x00000040 (00064) 61763d30 26766d3d 3026616c 3d302670 av=0&vm=0&al=0&p 0x00000050 (00080) 3d323931 266f733d 352e312e 32363030 =291&os=5.1.2600 0x00000060 (00096) 2e33267a 3d343538 26686173 683d4376 .3&z=458&hash=Cv 0x00000070 (00112) 436e426a 566a3849 4f4d3333 41394c66 CnBjVj8IOM33A9Lf 0x00000080 (00128) 4f476442 6b6e6a79 3961577a 414a4645 OGdBknjy9aWzAJFE 0x00000090 (00144) 384a7837 72487455 5437765a 36317a67 8Jx7rHtUT7vZ61zg 0x000000a0 (00160) 57796732 54683663 59797836 452b6646 Wyg2Th6cYyx6E+fF 0x000000b0 (00176) 36715136 38346a47 437a5758 4f5a3746 6qQ684jGCzWXOZ7F 0x000000c0 (00192) 4d543261 7350336f 6757746e 76322048 MT2asP3ogWtnv2 H 0x000000d0 (00208) 5454502f 312e310d 0a486f73 743a2061 TTP/1.1..Host: a 0x000000e0 (00224) 6e616c79 73746963 732e676f 6f676c65 nalystics.google 0x000000f0 (00240) 2e636f6d 0d0a0d0a .com.... 0x00000000 (00000) 47455420 2f706870 62622f67 65742e70 GET /phpbb/get.p 0x00000010 (00016) 68703f69 643d4330 35393930 30414541 hp?id=C059900AEA 0x00000020 (00032) 37354530 36465858 58585858 58585858 75E06FXXXXXXXXXX 0x00000030 (00048) 58583030 3030266b 65793d33 36383326 XX0000&key=3683& 0x00000040 (00064) 61763d30 26766d3d 3026616c 3d302670 av=0&vm=0&al=0&p 0x00000050 (00080) 3d323931 266f733d 352e312e 32363030 =291&os=5.1.2600 0x00000060 (00096) 2e33267a 3d343538 26686173 683d4376 .3&z=458&hash=Cv 0x00000070 (00112) 436e426a 566a3849 4f4d3333 41394c66 CnBjVj8IOM33A9Lf 0x00000080 (00128) 4f476442 6b6e6a79 3961577a 414a4645 OGdBknjy9aWzAJFE 0x00000090 (00144) 384a7837 72487455 5437765a 36317a67 8Jx7rHtUT7vZ61zg 0x000000a0 (00160) 57796732 54683663 59797836 452b6646 Wyg2Th6cYyx6E+fF 0x000000b0 (00176) 36715136 38346a47 437a5758 4f5a3746 6qQ684jGCzWXOZ7F 0x000000c0 (00192) 4d543258 47467373 67685958 76542048 MT2XGFssghYXvT H 0x000000d0 (00208) 5454502f 312e310d 0a486f73 743a2061 TTP/1.1..Host: a 0x000000e0 (00224) 6e616c79 73746963 732e676f 6f676c65 nalystics.google 0x000000f0 (00240) 2e636f6d 0d0a0d0a .com.... 0x00000000 (00000) 47455420 2f706870 62622f67 65742e70 GET /phpbb/get.p 0x00000010 (00016) 68703f69 643d4330 35393930 30414541 hp?id=C059900AEA 0x00000020 (00032) 37354530 36465858 58585858 58585858 75E06FXXXXXXXXXX 0x00000030 (00048) 58583030 3030266b 65793d33 36383326 XX0000&key=3683& 0x00000040 (00064) 61763d30 26766d3d 3026616c 3d302670 av=0&vm=0&al=0&p 0x00000050 (00080) 3d323931 266f733d 352e312e 32363030 =291&os=5.1.2600 0x00000060 (00096) 2e33267a 3d343538 26686173 683d4376 .3&z=458&hash=Cv 0x00000070 (00112) 436e426a 566a3849 4f4d3333 41394c66 CnBjVj8IOM33A9Lf 0x00000080 (00128) 4f476442 6b6e6a79 3961577a 414a4645 OGdBknjy9aWzAJFE 0x00000090 (00144) 384a7837 72487455 5437765a 36317a67 8Jx7rHtUT7vZ61zg 0x000000a0 (00160) 57796732 54683663 59797836 452b6646 Wyg2Th6cYyx6E+fF 0x000000b0 (00176) 36715136 38346a47 437a5758 4f5a3746 6qQ684jGCzWXOZ7F 0x000000c0 (00192) 4d543258 47467373 67685958 76542048 MT2XGFssghYXvT H 0x000000d0 (00208) 5454502f 312e310d 0a486f73 743a2061 TTP/1.1..Host: a 0x000000e0 (00224) 6e616c79 73746963 732e676f 6f676c65 nalystics.google 0x000000f0 (00240) 2e636f6d 0d0a0d0a .com.... 0x00000000 (00000) 47455420 2f706870 62622f67 65742e70 GET /phpbb/get.p 0x00000010 (00016) 68703f69 643d4330 35393930 30414541 hp?id=C059900AEA 0x00000020 (00032) 37354530 36465858 58585858 58585858 75E06FXXXXXXXXXX 0x00000030 (00048) 58583030 3030266b 65793d33 36383326 XX0000&key=3683& 0x00000040 (00064) 61763d30 26766d3d 3026616c 3d302670 av=0&vm=0&al=0&p 0x00000050 (00080) 3d323931 266f733d 352e312e 32363030 =291&os=5.1.2600 0x00000060 (00096) 2e33267a 3d343538 26686173 683d4376 .3&z=458&hash=Cv 0x00000070 (00112) 436e426a 566a3849 4f4d3333 41394c66 CnBjVj8IOM33A9Lf 0x00000080 (00128) 4f476442 6b6e6a79 3961577a 414a4645 OGdBknjy9aWzAJFE 0x00000090 (00144) 384a7837 72487455 5437765a 36317a67 8Jx7rHtUT7vZ61zg 0x000000a0 (00160) 57796732 54683663 59797836 452b6646 Wyg2Th6cYyx6E+fF 0x000000b0 (00176) 36715136 38346a47 437a5758 4f5a3746 6qQ684jGCzWXOZ7F 0x000000c0 (00192) 4d543258 47467373 67685958 76542048 MT2XGFssghYXvT H 0x000000d0 (00208) 5454502f 312e310d 0a486f73 743a2061 TTP/1.1..Host: a 0x000000e0 (00224) 6e616c79 73746963 732e676f 6f676c65 nalystics.google 0x000000f0 (00240) 2e636f6d 0d0a0d0a .com.... 0x00000000 (00000) 47455420 2f706870 62622f67 65742e70 GET /phpbb/get.p 0x00000010 (00016) 68703f69 643d4330 35393930 30414541 hp?id=C059900AEA 0x00000020 (00032) 37354530 36465858 58585858 58585858 75E06FXXXXXXXXXX 0x00000030 (00048) 58583030 3030266b 65793d33 36383326 XX0000&key=3683& 0x00000040 (00064) 61763d30 26766d3d 3026616c 3d302670 av=0&vm=0&al=0&p 0x00000050 (00080) 3d323931 266f733d 352e312e 32363030 =291&os=5.1.2600 0x00000060 (00096) 2e33267a 3d343538 26686173 683d4376 .3&z=458&hash=Cv 0x00000070 (00112) 436e426a 566a3849 4f4d3333 41394c66 CnBjVj8IOM33A9Lf 0x00000080 (00128) 4f476442 6b6e6a79 3961577a 414a4645 OGdBknjy9aWzAJFE 0x00000090 (00144) 384a7837 72487455 5437765a 36317a67 8Jx7rHtUT7vZ61zg 0x000000a0 (00160) 57796732 54683663 59797836 452b6646 Wyg2Th6cYyx6E+fF 0x000000b0 (00176) 36715136 38346a47 437a5758 4f5a3746 6qQ684jGCzWXOZ7F 0x000000c0 (00192) 4d543266 796e2f38 6e683861 574f2048 MT2fyn/8nh8aWO H 0x000000d0 (00208) 5454502f 312e310d 0a486f73 743a2061 TTP/1.1..Host: a 0x000000e0 (00224) 6e616c79 73746963 732e676f 6f676c65 nalystics.google 0x000000f0 (00240) 2e636f6d 0d0a0d0a .com.... 0x00000000 (00000) 47455420 2f706870 62622f67 65742e70 GET /phpbb/get.p 0x00000010 (00016) 68703f69 643d4330 35393930 30414541 hp?id=C059900AEA 0x00000020 (00032) 37354530 36465858 58585858 58585858 75E06FXXXXXXXXXX 0x00000030 (00048) 58583030 3030266b 65793d33 36383326 XX0000&key=3683& 0x00000040 (00064) 61763d30 26766d3d 3026616c 3d302670 av=0&vm=0&al=0&p 0x00000050 (00080) 3d323931 266f733d 352e312e 32363030 =291&os=5.1.2600 0x00000060 (00096) 2e33267a 3d343538 26686173 683d4376 .3&z=458&hash=Cv 0x00000070 (00112) 436e426a 566a3849 4f4d3333 41394c66 CnBjVj8IOM33A9Lf 0x00000080 (00128) 4f476442 6b6e6a79 3961577a 414a4645 OGdBknjy9aWzAJFE 0x00000090 (00144) 384a7837 72487455 5437765a 36317a67 8Jx7rHtUT7vZ61zg 0x000000a0 (00160) 57796732 54683663 59797836 452b6646 Wyg2Th6cYyx6E+fF 0x000000b0 (00176) 36715136 38346a47 437a5758 4f5a3746 6qQ684jGCzWXOZ7F 0x000000c0 (00192) 4d543251 33687350 4a776a44 574a2048 MT2Q3hsPJwjDWJ H 0x000000d0 (00208) 5454502f 312e310d 0a486f73 743a2061 TTP/1.1..Host: a 0x000000e0 (00224) 6e616c79 73746963 732e676f 6f676c65 nalystics.google 0x000000f0 (00240) 2e636f6d 0d0a0d0a .com.... 0x00000000 (00000) 47455420 2f706870 62622f67 65742e70 GET /phpbb/get.p 0x00000010 (00016) 68703f69 643d4330 35393930 30414541 hp?id=C059900AEA 0x00000020 (00032) 37354530 36465858 58585858 58585858 75E06FXXXXXXXXXX 0x00000030 (00048) 58583030 3030266b 65793d33 36383326 XX0000&key=3683& 0x00000040 (00064) 61763d30 26766d3d 3026616c 3d302670 av=0&vm=0&al=0&p 0x00000050 (00080) 3d323931 266f733d 352e312e 32363030 =291&os=5.1.2600 0x00000060 (00096) 2e33267a 3d343538 26686173 683d4376 .3&z=458&hash=Cv 0x00000070 (00112) 436e426a 566a3849 4f4d3333 41394c66 CnBjVj8IOM33A9Lf 0x00000080 (00128) 4f476442 6b6e6a79 3961577a 414a4645 OGdBknjy9aWzAJFE 0x00000090 (00144) 384a7837 72487455 5437765a 36317a67 8Jx7rHtUT7vZ61zg 0x000000a0 (00160) 57796732 54683663 59797836 452b6646 Wyg2Th6cYyx6E+fF 0x000000b0 (00176) 36715136 38346a47 437a5758 4f5a3746 6qQ684jGCzWXOZ7F 0x000000c0 (00192) 4d543264 74664e4a 57664f55 67552048 MT2dtfNJWfOUgU H 0x000000d0 (00208) 5454502f 312e310d 0a486f73 743a2061 TTP/1.1..Host: a 0x000000e0 (00224) 6e616c79 73746963 732e676f 6f676c65 nalystics.google 0x000000f0 (00240) 2e636f6d 0d0a0d0a .com.... 0x00000000 (00000) 47455420 2f706870 62622f67 65742e70 GET /phpbb/get.p 0x00000010 (00016) 68703f69 643d4330 35393930 30414541 hp?id=C059900AEA 0x00000020 (00032) 37354530 36465858 58585858 58585858 75E06FXXXXXXXXXX 0x00000030 (00048) 58583030 3030266b 65793d33 36383326 XX0000&key=3683& 0x00000040 (00064) 61763d30 26766d3d 3026616c 3d302670 av=0&vm=0&al=0&p 0x00000050 (00080) 3d323931 266f733d 352e312e 32363030 =291&os=5.1.2600 0x00000060 (00096) 2e33267a 3d343538 26686173 683d4376 .3&z=458&hash=Cv 0x00000070 (00112) 436e426a 566a3849 4f4d3333 41394c66 CnBjVj8IOM33A9Lf 0x00000080 (00128) 4f476442 6b6e6a79 3961577a 414a4645 OGdBknjy9aWzAJFE 0x00000090 (00144) 384a7837 72487455 5437765a 36317a67 8Jx7rHtUT7vZ61zg 0x000000a0 (00160) 57796732 54683663 59797836 452b6646 Wyg2Th6cYyx6E+fF 0x000000b0 (00176) 36715136 38346a47 437a5758 4f5a3746 6qQ684jGCzWXOZ7F 0x000000c0 (00192) 4d543258 47467373 67685958 76542048 MT2XGFssghYXvT H 0x000000d0 (00208) 5454502f 312e310d 0a486f73 743a2061 TTP/1.1..Host: a 0x000000e0 (00224) 6e616c79 73746963 732e676f 6f676c65 nalystics.google 0x000000f0 (00240) 2e636f6d 0d0a0d0a .com.... 0x00000000 (00000) 47455420 2f706870 62622f67 65742e70 GET /phpbb/get.p 0x00000010 (00016) 68703f69 643d4330 35393930 30414541 hp?id=C059900AEA 0x00000020 (00032) 37354530 36465858 58585858 58585858 75E06FXXXXXXXXXX 0x00000030 (00048) 58583030 3030266b 65793d33 36383326 XX0000&key=3683& 0x00000040 (00064) 61763d30 26766d3d 3026616c 3d302670 av=0&vm=0&al=0&p 0x00000050 (00080) 3d323931 266f733d 352e312e 32363030 =291&os=5.1.2600 0x00000060 (00096) 2e33267a 3d343538 26686173 683d4376 .3&z=458&hash=Cv 0x00000070 (00112) 436e426a 566a3849 4f4d3333 41394c66 CnBjVj8IOM33A9Lf 0x00000080 (00128) 4f476442 6b6e6a79 3961577a 414a4645 OGdBknjy9aWzAJFE 0x00000090 (00144) 384a7837 72487455 5437765a 36317a67 8Jx7rHtUT7vZ61zg 0x000000a0 (00160) 57796732 54683663 59797836 452b6646 Wyg2Th6cYyx6E+fF 0x000000b0 (00176) 36715136 38346a47 437a5758 4f5a3746 6qQ684jGCzWXOZ7F 0x000000c0 (00192) 4d54325a 78505779 63726c79 6e322048 MT2ZxPWycrlyn2 H 0x000000d0 (00208) 5454502f 312e310d 0a486f73 743a2061 TTP/1.1..Host: a 0x000000e0 (00224) 6e616c79 73746963 732e676f 6f676c65 nalystics.google 0x000000f0 (00240) 2e636f6d 0d0a0d0a .com....
Strings
strcatVirtualProtect. .M. . .Q. ...i. . . ... U(e .:T.Z. . .$. \ .CC l..... ..................... 1993-%d Accept ]aY) Bro&wse... by Alexander Roshal bytes Cancel &Cancel Cannot create folder %s Cannot create %s Cannot open %s Close Confirm file replace Copyright CRC failed in %s DCRC failed in the encrypted file %s. Corrupt file or wrong password. Decline &Destination folder eRichEdit ErroraErrors encountered while performing the operation Extract Extracting files to %s folder$Extracting files to temporary folder Extracting from %s Extracting %s Extraction progress File close error folder is not accessiblelSome files could not be created. H ((((( H h(((( H ~hRichEdit20W Install jmsctls_progress32 KERNEL32.DLL License LICENSEDLG RENAMEDLG Look at the information window for more details modified on mscoree.dll MS Shell Dlg 2 Next volume Not enough memory No to A&ll ntdll.dll Packed data CRC failed in %s Please close all applications, reboot Windows and restart this installation\Some installation files are corrupt. Please download a fresh copy and retry the installation Read error Rename &Rename Rename file REPLACEFILEDLG Select destination folder Skipping %s STARTDLG The archive comment is corrupt The archive header is corrupt The file "%s" header is corrupt%The archive comment header is corrupt The following file already exists The required volume is absent2The archive is either in unknown format or damaged TITLE_BMP =Total path and file name length must not exceed %d characters Unexpected end of archive Unknown method in %s WinRAR self-extracting archive with this one? Would you like to replace the existing file Wrong password for %s&Write error. Probably the disk is full &Yes Yes to &All "" """! /~/^/~/ .....! " " """! "" " "" "" "!" "" """! """ " """ " """ ""! """ """"" """" """! """"" """""" """""" """"""! """"""" """""""" """""""""! """""""""" """""""""""" """"""""""""! """""""""""""" """""""""""""""""""! """""""""""""""""""" !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~ 0A@@Ju 0=_M"|@ 0SSSSS %1*0Lzy 17>`C2 1Q!LE\q 1;#U"p {1VEd3 $2" """" --+,21 2&"6RFBVrfbv 2&"6RFBVrfgv 2&"6RGCWsgbw 2&"6RGCWsgcv 2CK6RFB3 2&Ne''.Vrfbv "2"R"2" 2RB9]{bRrU |2zDx" ^3]];; =3- 0'`%SPmw $32""""34" $3"#4" 39#XP DJpy|u "3B""""$3" "3B""$3"! "3B""""""""""C2! $3B""""""""C4" $3B""""""C4" $3B""C4" 3e@u5E;U? 3%j*De 3-K`cBB 3](&P3Z 3W~A | 3YW(SX18 :4KHGhpy{ 4V\)PUq 5 2;_bkG"z 5;"|CmS}idp 5CT$UH%t5$5L1g 5IEiVydW~ 5iZkJ{zKu' 5opuU{yK Z 5oru'd 5YnZ[H &"62&"6RFBVrfbv 65z_Ym 6~B6>r 6e\uVEnUv /}6fM5 &"6^FNV &=6MF]Vmf}v 6R<BUs &"6RFBVrfb +7;%4A 7]4u%c +7I-9= (7r'27 8$0Z`T@u`my 84'7f#>? 888888 8!90E@sF 8,DUq* 8[&K4{ 8tBJjbl ]+-+=9 9@cuPa`np *'-9K1 9q3VNygc abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ AeJp~H @?Aj`& aljqe D alprKeCw An application has made an attempt to load the C runtime library incorrectly. ANlsP{Ka( AoVxfHvX ARUQ{} - Attempt to initialize the CRT more than once. - Attempt to use MSIL code from this assembly during native code initialization August aVI{V A*YZ1J &b6R,B^r? "Bfy.; !bH6w$ BJ:9=_{ B>Q&om bvmAjn #BVrfLv bwsgCTPE bwsg@PZO BX;p?@F {bY<2! BYWz5z' C2_)&N "C""4"! c{6Ctt CB """" %)c%F= %:cjcc CjYeI cksyC[6 C^n:Au CorExitProcess CreateWindowExA - CRT not initialized Cr~+y" c|sl&T cwsd@RV@ CYYE""B """" ""D! @.data ++++++dd dddd, MMMM dd, yyyy DDehhH December DecodePointer DefWindowProcA DeleteCriticalSection DispatchMessageA DjTzZtJd: #dnUHw dOcM|x DOMAIN error dSq^eh@s$ d~tND^U }E@;<<// e1,|u}( E3Uk%65B -eAu^EnUl *'ECjs >eFuPEcU E+GNZ?gK eGu\EmUp EJj+ax _eJuRE{Uo +EKEkeke EKEkEKE +EKEkEKE+ +EKEkEKE+] |EL $0I%F EncodePointer EnterCriticalSection +eNuRE{Ud equ|E3UC%L5, ]Er6NF /{e?u/ e)u9EI _e/u?#d# _e/u?D _e/u?E _e*u?E {e/u?E +e@u{E e u-E=UM%X5h .e|uLE\UMl e<uLG\ e~uNELU,%<5 _e/u?U %EVU!m ExitProcess ^fbiRY)I-9= FBVrfbv February feNu>E=UE%15> [.ff]8F FF\^'b FhWydJu[ - floating point support not loaded FlsAlloc FlsFree FlsGetValue FlsSetValue FreeEnvironmentStringsA FreeEnvironmentStringsW Friday fT&AE) fV9 $u F_VZmvF &,FwW~ ,FYFKQns #f,z(F ))[[)G1x g=Cy_2 G?dfvW9 GetACP GetActiveWindow GetCommandLineA GetCPInfo GetCurrentProcess GetCurrentProcessId GetCurrentThreadId GetEnvironmentStrings GetEnvironmentStringsW GetFileType GetLastActivePopup GetLastError GetLocaleInfoA GetMessageA GetModuleFileNameA GetModuleHandleA GetModuleHandleW GetOEMCP GetProcAddress GetProcessHeap GetProcessWindowStation GetStartupInfoA GetStdHandle GetStringTypeA GetStringTypeW GetSystemMetrics GetSystemTimeAsFileTime GetTickCount GetUserObjectInformationA GetVersionExA GGGGG. GijE`Np^ Gi)(Oj GJEOB7Z gpt`E_[M g+ ]uMEl0C H0{Pjx h6 {9K HeapAlloc HeapCreate HeapFree HeapReAlloc HeapSize heeh$$$ @HE/ET HH:mm:ss <=Hl+c hrNV[`nt h|xmIZ^J /)I-9= I]9I]#d I9rm8I }i^de&L IDM\OT iF|VrTPD i*fXB< IK]\|ew InitializeCriticalSectionAndSpinCount InterlockedDecrement InterlockedIncrement I.^pNN> IsDebuggerPresent IsValidCodePage IX>PPk(^ iz~jNZ_H j9p uL JanFebMarAprMayJunJulAugSepOctNovDec January {<jD.#JemDGejQ |Jdz~B jDZOJd jDZtJd -je/hU" j@j ^V ?jJ{zK jm<^'-5U JQ''''n jQW*?f !ju)e_#/ JuK&a&p JWP|RFZ {jYV>BI &`k5yxRM6UH' K9yk#x KB{?]z ~KBz^uF kEKEk&"6RFBVrfbv kernel32.dll KERNEL32.dll KME\U,%<5 KpT]%< K:rV 6 *kzKSJ9 l4+pTIQ L(`@548 LCMapStringA LCMapStringW LcP~gJJd LeaveCriticalSection le\EL5'(,7 }LEL~F5 LE\U,%>5 le|u9/ le|uLE le|uLE\U le|uLE\U,%<% le|uLE^U.%4 le|uLE\U,%<5 le|uLE\U,%|5 le|uLE\U,%<5L le|uLE\U,%<WeweW le|uLM%U,%<5 lFseDQZL lL<B6# LoadLibraryA l"P|0\ }lR+73_9GNf L||UcPg `L|(&x KC L$Y>L. M-+3jxA) };MdV&-,> Meq$GS4#' MessageBoxA MfEv}F Microsoft Visual C++ Runtime Library MM/dd/yy Monday m_p; y mQHA8q MultiByteToWideChar MY)I-9=_ nd~tND^T, nIIX>PPSS - not enough space for arguments - not enough space for environment - not enough space for locale information - not enough space for lowio initialization - not enough space for _onexit/atexit table - not enough space for stdio initialization - not enough space for thread data November N`^pn@~P N`^poA @nQxfHwY `nR8B F N`_rmCr\ nse8I\ NWvc/\ '>`|NZb Oa_rlBs^ October oe^TPF1 Oe/u?E oe~uLE OracleClassEx OU*ejL? o~uYn>k\a ,o-vGA (-oWWW44 ;p{hI,0 Please contact the application's support team for more information. po{wx_ PPPPPPPP Program: <program name unknown> - pure virtual function call p!!W44 py\~LE\U,%<5 PY|uPE Qe5:uDb& qfbtwb_hO ]qJEf0 =QK|)qm ^QlHk [qn\]O Q====OO,, QueryPerformanceCounter QY<A,& -_r/4<G4 R5@MZv R{Cs[C `.rdata RegisterClassExA Rp{z@* RtlUnwind runtime error Runtime Error! rYe=[9 RYJV3}y Rzlh{PxM ~RZORn | S8A> s!9$2h Saturday September SetHandleCount SetLastError SetUnhandledExceptionFilter ShowWindow SING error -sqQhn9 strstr Sunday SunMonTueWedThuFriSat \SZ7Jszc :#*SZCJszcj #*SZCJTz ??TE""B TerminateProcess This application has requested the Runtime to terminate it in an unusual way. This indicates a bug in your application. This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain. !This program cannot be run in DOS mode. Thursday < tK< tG TLOSS error TlsAlloc TlsFree TlsGetValue TlsSetValue TranslateAcceleratorA TranslateMessage t"SS9] t$<"u 3 Tuesday tu-+I% ;t$,v- tvpDOd tvwx4G\up t+WWVPV TXPH=f ]t-X\r TY}tRm ,,,, u u#)0UB]R4a \u5E?UIJL5 u8E3;@MY5m UDeV0g UD%I4,f u!E2Ux%U5, u"E[E; u%E|UI% uFEnUX% @uFS=(C8 ugEOU/ {UkE[uKd: {UkE[uKe: UKwW%K67 Ul%|5L uL-6D, uLEqUO%L5 Ule|uL uLE}Uv - unable to initialize heap - unable to open console device - unexpected heap error - unexpected multithread lock error UnhandledExceptionFilter UN%Y5o UpdateWindow `uqeARVB uQ$PC )B3 UQPXY]Y[ URPQQh`VB USER32.dll USER32.DLL Uys!=J /uZ0E0^ UZ%X5m !vC4M4, )VFMh' vG4a;Q VirtualAlloc VirtualFree v\lAQ~kn0P <VlrA% vm:2i9 v N+D$ v\sMCrXv VV_bXa w4|a)Q ]&W63F&2 W^e|5L Wednesday WideCharToMultiByte wNSlD" wqHAXQ( w&"*RBJ WriteFile _xbd4Zt _X$CIFgvoE x|iM+c Xl[F 2 xlH\XL : +;XO xXcF4=F2%3 XY=C5c (*Y|&+ )y)13oz y}9ghTq y_ak?8W ???>YB Yd=gvB Ye'u5E ?Y'I-9 y}i:Y]IY9=)~ >=Yt1j y!`V)"1 yxbhm3 -/-.z? Z0N):Q z1jDZtJd: /ZCc2$" zFjDoeJ zKjZZjJz: ]ZM+zAj zpE#]|Y )ZrC bf Zs}3:vY Zt/d:g zTjDZtJ zTjDZtJd: zTj:ZTJD:4*$ ztvmE zUjE? & ZXJXZtJd: zxkEZGJt: ZxK xJi @Z`z@ZG_& ZZZZZ2U