Analysis Date: 2014-11-02 01:59:49
MD5: 331cb8b1700b636370b75da7415bf1f8
SHA1: c716e6059d6669c4c8bd671ff5bd7ade289bc480

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: d92a0fc970b30a3dfd1f79f6f226cfd6 sha1: 6bf55e8af5e6bb17324def895da25592e37ea8ae size: 462848
Section: .rdata md5: 40629ccd17ff6438b31108ed64dbe568 sha1: 1eacb0c7f02966d1c65b7b4fd7bb5b98a80ca0bf size: 59392
Section: .data md5: 379c0303142126f5a451f515655736de sha1: 75a4804293d5f55bfecc75038f71cae73765f3d6 size: 8192
Section: .rsrc md5: b984763d4b2f0702799a1f44ca641574 sha1: e078dcc03fde9d766a18f8c466550260d5987f56 size: 20992
Section: .reloc md5: 74120f3c1bd2ae28deeae47c4ecff0b8 sha1: d75932d90a1781868938dd19096bceed52f2920b size: 20480
Timestamp: 2014-03-19 18:56:10
Version:
LegalCopyright: 2014
InternalName: dnloader
FileVersion: 3, 3, 7, 0
CompanyName: C
LegalTrademarks: -
Comments: ND
ProductName: premium
ProductVersion: 3, 3, 7, 0
FileDescription: DWD
Packer: Microsoft Visual C++ ?.?
PEhash: 18734a9eb6cb32d30df26b5ef91ed747b9a30ff2
IMPhash: 04188a2ad6784757293886d810ee68fa
AV 360 Safe: no_virus
AV Ad-Aware: Gen:Variant.Graftor.152700
AV Alwil (avast): no_virus
AV Arcabit (arcavir): no_virus
AV Authentium: W32/A-e976c249!Eldorado
AV Avira (antivir): no_virus
AV BullGuard: Gen:Variant.Graftor.152700
AV CA (E-Trust Ino): Win32/Tnega.XAWA!suspicious
AV CAT (quickheal): no_virus
AV ClamAV: no_virus
AV Dr. Web: no_virus
AV Emsisoft: Gen:Variant.Graftor.152700
AV Eset (nod32): no_virus
AV Fortinet: Riskware/4Shared
AV Frisk (f-prot): no_virus
AV F-Secure: Gen:Variant.Graftor.152700
AV Grisoft (avg): no_virus
AV Ikarus: PUA.4Shared
AV K7: Unwanted-Program ( 004a9c681 )
AV Kaspersky: Trojan.Win32.StartPage.ezya
AV MalwareBytes: no_virus
AV Mcafee: no_virus
AV Microsoft Security Essentials: no_virus
AV MicroWorld (escan): Gen:Variant.Graftor.152700
AV Norman: Gen:Variant.Graftor.152700
AV Rising: no_virus
AV Sophos: no_virus
AV Symantec: no_virus
AV Trend Micro: no_virus
AV VirusBlokAda (vba32): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Desktop\02 - Dança Kuduro - Latino e Dad Kal.mp3
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\UNT2.tmp
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\UNT1.tmp
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\UNT3.tmp
Creates File: \Device\Afd\AsyncConnectHlp
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\UNT4.tmp
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\UNT5.tmp
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\UNT8.tmp
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\UNT7.tmp
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\UNT6.tmp
Creates File: \Device\Afd\Endpoint
Deletes File: C:\Documents and Settings\Administrator\Desktop\02 - Dança Kuduro - Latino e Dad Kal.mp3
Creates Mutex: BDA_MUTEX
Winsock DNS: downloadget.net
Winsock DNS: dc459.4shared.com
Winsock DNS: www.adshost2.com
Winsock DNS: track.getportal.net

Process
↳ C:\Program Files\Internet Explorer\iexplore.exe

Registry: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window_Placement ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Locked ➝ 1
Creates File: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates File: C:\Documents and Settings\Administrator\Cookies\index.dat
Creates File: PIPE\lsarpc
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Mutex: WininetConnectionMutex
Creates Mutex: _SHuassist.mtx
Creates Mutex: Shell.CMruPidlList

Network Details:

DNS: downloadget.net
Type: A
162.159.244.192
DNS: downloadget.net
Type: A
162.159.245.192
DNS: www.adshost2.com
Type: A
68.233.228.234
DNS: www.adshost2.com
Type: A
74.50.103.39
DNS: track.getportal.net
Type: A
178.162.201.18
DNS: dc459.4shared.com
Type: A
78.140.186.13
HTTP GET: http://downloadget.net/smart-download/67230100/bundle.exe/bundle.exe?bundleorigin=4300107
User-Agent: UniversalUserAgent(winHTTP)
HTTP GET: http://downloadget.net/smart-download/67260100/bundle.exe/bundle.exe?bundleorigin=4300107
User-Agent: UniversalUserAgent(winHTTP)
HTTP GET: http://www.adshost2.com/at?subId=MjMwODB8NjU2NzJ8TVl8MXwxfHw%7C828950dd04129dce6d6f577b378d6f3d
User-Agent: UniversalUserAgent(winHTTP)
HTTP GET: http://downloadget.net/smart-download/67200200/bundle.exe/bundle.exe?bundleorigin=4300107
User-Agent: UniversalUserAgent(winHTTP)
HTTP GET: http://track.getportal.net/trackcnt/Kvg48RpSKKFNkW8e/?data=L4300107
User-Agent: UniversalUserAgent(winHTTP)
HTTP GET: http://track.getportal.net/trackcnt/Kvg48RpSKKFNkW8e/?data=BDB7230100
User-Agent: UniversalUserAgent(winHTTP)
HTTP GET: http://track.getportal.net/trackcnt/Kvg48RpSKKFNkW8e/?data=BDB7200200
User-Agent: UniversalUserAgent(winHTTP)
HTTP GET: http://track.getportal.net/trackcnt/Kvg48RpSKKFNkW8e/?data=BDB7260100
User-Agent: UniversalUserAgent(winHTTP)
HTTP GET: http://track.getportal.net/trackcnt/Kvg48RpSKKFNkW8e/?data=BDE7260100ER404
User-Agent: UniversalUserAgent(winHTTP)
HTTP GET: http://track.getportal.net/trackcnt/Kvg48RpSKKFNkW8e/?data=BDE7230100ER404
User-Agent: UniversalUserAgent(winHTTP)
HTTP GET: http://track.getportal.net/trackcnt/Kvg48RpSKKFNkW8e/?data=BDE7200200ER404
User-Agent: UniversalUserAgent(winHTTP)
HTTP GET: http://www.adshost2.com/at?subId=MjMwODB8NjU2NzJ8TVl8MXwxfHw%7Ce9f343f6aab8c39450641c67d80f8c57
User-Agent: UniversalUserAgent(winHTTP)
HTTP GET: http://track.getportal.net/trackcnt/Kvg48RpSKKFNkW8e/?data=M4300107
User-Agent: UniversalUserAgent(winHTTP)
HTTP GET: http://dc459.4shared.com/download/zzG-zG6V?tsid=20140320-151640-c3e4dfb1&forDownloadHelper=true&lgfp=11000&dsid=38ade8.85c036ec4d89f3f13537f0dc58d38ad6
User-Agent: UniversalUserAgent(winHTTP)
HTTP GET: http://track.getportal.net/trackcnt/Kvg48RpSKKFNkW8e/?data=E4300107
User-Agent: UniversalUserAgent(winHTTP)
Flows TCP: 192.168.1.1:1036 ➝ 162.159.244.192:80
Flows TCP: 192.168.1.1:1037 ➝ 68.233.228.234:80
Flows TCP: 192.168.1.1:1034 ➝ 162.159.244.192:80
Flows TCP: 192.168.1.1:1035 ➝ 162.159.244.192:80
Flows TCP: 192.168.1.1:1038 ➝ 178.162.201.18:80
Flows TCP: 192.168.1.1:1039 ➝ 178.162.201.18:80
Flows TCP: 192.168.1.1:1040 ➝ 178.162.201.18:80
Flows TCP: 192.168.1.1:1041 ➝ 178.162.201.18:80
Flows TCP: 192.168.1.1:1042 ➝ 178.162.201.18:80
Flows TCP: 192.168.1.1:1043 ➝ 178.162.201.18:80
Flows TCP: 192.168.1.1:1044 ➝ 178.162.201.18:80
Flows TCP: 192.168.1.1:1045 ➝ 68.233.228.234:80
Flows TCP: 192.168.1.1:1046 ➝ 178.162.201.18:80
Flows TCP: 192.168.1.1:1047 ➝ 78.140.186.13:80
Flows TCP: 192.168.1.1:1048 ➝ 178.162.201.18:80

Raw Pcap

Strings
 
%%%02X
{123374DE290-123F-4565-9164-39C4925E467B}
2014
3, 3, 7, 0
400 Bad Request
401 Unauthorized
403 Forbidden
404 Not Found
408 Request Timeout
500 Internal Server Error
502 Bad Gateway
503 Service Unavailable
504 Gateway Timeout
64shared.com Download Helpe
AAPPLICATION_NAME
a([a-zA-Z0-9])
ABORT_CONFIRMATION
Accept: */*
_All_Ctrls_Orig_Proc_
alwaysrunas
 and 
APPLICATION_NAME
Are you sure you want to abort download?
Astatic
AUNT
BDA_MUTEX
b([ \t])
_Btn_Is_Checked_
button
By clicking "
Cancel
Cannot download file from:
Cannot download from
Cannot download the requested files.
c([a-zA-Z])
Change
charset={[A-Za-z0-9\-_]+}
_Class_Pointer_Property_
CLSID
Comments
CompanyName
Component Categories
Content-Length: 
Content-Length: {[0-9]+}
Content-Type: application/x-www-form-urlencoded
_Control_Color_
Cookie: 
d([0-9])
default
DGET
Dialog
dnloader
Downloader application
Downloading...
edit
#empty
English
equal
eula
.exe
file
FileDescription
FileType
FileVersion
folder
GAppID
GDelete
GForceRemove
GNoRemove
GVal
h([0-9a-fA-F])
h123ttp://down123load-faster.net/error.jsp?msg=downloadhelperxmlnotfound
Hardware
{<html[^\>]*>.*<body[^\>]*>.*<\/body>.*<\/html>.*}
%i%%
IDC_MAIN_BUTTON_DOWNLOAD
IDC_MAIN_TEXT_DOWNLOAD_DST
IDC_MAIN_TEXT_INTRO
IDC_MAIN_TEXT_REQUESTED_FILE_PRE
IDC_PROGRESS_TEXT_FILENAME
Ignore and continue
Interface
InternalName
Invalid DateTime
Invalid DateTimeSpan
%i%% - %s
KERNEL32.DLL
_Label_Original_Proc_
_Lbl_Background_Color_
LegalCopyright
LegalTrademarks
License Agreement
Location: {[A-Za-z0-9\-_%+*:;/.=?&]+}
Location of the downloaded file:
MaxConnectionsPer1_0Server
MaxConnectionsPerServer
Mime
mscoree.dll
msctls_progress32
MS Shell Dlg
(null)
open
openas
openasfile
Open file
policy
POST
premium
Privacy Policy
ProductName
ProductVersion
q("[^"]*")|('[^']*')
Quit
Range: bytes=%i-
renameto_
\r\n
runas
SECURITY
Select target dir..
Server answered: 
Set-Cookie:\b*{.+?}\n
shell32.dll
Show
Show in Explorer
Skip
SkipAll
Software
Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Software\Microsoft\Windows\CurrentVersion\Internet Settings
static
StringFileInfo
substring
SYSTEM
Translation
TypeLib
Unexpected network error
Unexpected network error, cannot download %s
UniversalUserAgent(winHTTP)
URL: 
%USERPROFILE%
utf-8
VarFileInfo
VS_VERSION_INFO
w([a-zA-Z]+)
" you agree to 
z([0-9]+)
5http://certificates.godaddy.com/repository/gdroot.crl0K
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
Adobe ImageReadyq
ADVAPI32.dll
AlphaBlend
america
american
american english
american-english
An application has made an attempt to load the C runtime library incorrectly.
AppendMenuW
Arizona1
      <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>
</assembly>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<at9<rt,<wt
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
.?AUctype_base@std@@
August
.?AUIFake@@
.?AUITextWidther@@
australian
autolaunch
.?AVbad_alloc@std@@
.?AVbad_cast@std@@
.?AVbad_exception@std@@
.?AV?$basic_ios@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ostream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AV?$basic_streambuf@DU?$char_traits@D@std@@@std@@
.?AV?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AVBundlesSliderWindow@@
.?AVCAtlException@ATL@@
.?AV?$ctype@D@std@@
.?AVCustomWindow@@
.?AVDiskFile@@
.?AVexception@std@@
.?AVfacet@locale@std@@
.?AVfailure@ios_base@std@@
.?AVFileBase@@
.?AVios_base@std@@
.?AV?$_Iosb@H@std@@
.?AVLabelTextSetter@@
.?AVlength_error@std@@
.?AVLoaderCallback@@
.?AV_Locimp@locale@std@@
.?AVlogic_error@std@@
.?AVMainDownloaderWindowSlider@@
.?AVMainWindow@@
.?AVMemoryFile@@
.?AV?$MemPoolT@$0CE@@tinyxml2@@
.?AV?$MemPoolT@$0CM@@tinyxml2@@
.?AV?$MemPoolT@$0DA@@tinyxml2@@
.?AV?$MemPoolT@$0DE@@tinyxml2@@
.?AVMemPool@tinyxml2@@
.?AVNullFile@@
.?AVout_of_range@std@@
.?AVProgressDownloaderWindow@@
.?AVruntime_error@std@@
.?AVServerResponsesHandler@@
.?AVtype_info@@
.?AVUrlOpener@Utilities@@
.?AVWinHttpSmartLoader@@
.?AVXMLAttribute@tinyxml2@@
.?AVXmlBackImage@@
.?AVXmlBinary@@
.?AV?$XmlBundledContent@VXmlComplexDescriptionBundle@@@@
.?AVXmlBundleEulaText@@
.?AVXmlBundleLine@@
.?AVXmlBundleNumber@@
.?AVXmlBundleText@@
.?AVXMLComment@tinyxml2@@
.?AVXmlComplexBundlesLoadManager@@
.?AVXmlComplexDescriptionBundle@@
.?AVXmlContentBase@@
.?AVXMLDeclaration@tinyxml2@@
.?AVXMLDocument@tinyxml2@@
.?AVXMLElement@tinyxml2@@
.?AVXmlExBundle@@
.?AVXmlFileFolderCheck@@
.?AVXmlFileFolderCheckers_OR@@
.?AVXmlIconedBundle@@
.?AVXmlLaunchValidation@@
.?AVXmlLink@@
.?AVXmlLoaderBase@xml@@
.?AVXmlLoadManager@@
.?AVXMLNode@tinyxml2@@
.?AVXMLPrinter@tinyxml2@@
.?AVXmlRawBundle@@
.?AVXmlRegCheck@@
.?AVXmlRegCheckers_OR@@
.?AVXMLText@tinyxml2@@
.?AVXmlUniversalStyleContent@@
.?AVXMLUnknown@tinyxml2@@
.?AVXmlValidationResponse@@
.?AVXMLVisitor@tinyxml2@@
>;?]?b?
backimages
bad allocation
bad cast
bad exception
 Base Class Array'
 Base Class Descriptor at (
__based(
BeginPaint
belgian
binary
BitBlt
bottom
BringWindowToTop
britain
bundle0buttonLabel
bundle0fileName
bundle0header1
bundle0header2
bundle0header3
bundle0requestLabel
bundlebeforelaunch
bundlecloseapperror
bundle%d
bundle%dbuttonLabel
bundle%deulatext
bundle%dex
bundle%dfileName
bundle%dheader1
bundle%dheader2
bundle%dheader3
bundle%dicon
bundle%dlines
bundledownloaderror
bundledownloadstart
bundledownloadsuccess
bundle%drequestLabel
bundlelauncherror
bundlelaunchsuccess
bundleperscreen
bundlepostsuccess
bundlestimeout
buttonLabel
CallWindowProcW
canadian
cancelbutton
<![CDATA[
__cdecl
checkbox
CheckDlgButton
chinese
chinese-hongkong
chinese-simplified
chinese-singapore
chinese-traditional
 Class Hierarchy Descriptor'
CloseHandle
__clrcall
CoCreateInstance
CoInitializeEx
COMCTL32.dll
 Complete Object Locator'
CONOUT$
`copy constructor closure'
Copyright (c) 1992-2004 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
CorExitProcess
CoTaskMemFree
CreateCompatibleBitmap
CreateCompatibleDC
CreateDialogIndirectParamW
CreateDialogParamW
CreateDIBSection
CreateEventW
CreateFileA
CreateFileW
CreateFontIndirectW
CreateFontW
CreateMutexW
CreatePatternBrush
CreatePopupMenu
CreateSolidBrush
CreateStreamOnHGlobal
CreateThread
CreateWindowExW
- CRT not initialized
@.data
dddd, MMMM dd, yyyy
December
DecodePointer
`default constructor closure'
 delete
 delete[]
DeleteCriticalSection
DeleteDC
DeleteFileW
DeleteObject
  </dependency>
  <dependency>
    </dependentAssembly>
    <dependentAssembly>
DestroyMenu
DestroyWindow
DispatchMessageW
DOMAIN error
downloaderror
DrawFrameControl
DrawTextW
dutch-belgian
`dynamic atexit destructor for '
`dynamic initializer for '
dynboth
dynleft
dyntop
`eh vector constructor iterator'
`eh vector copy constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`eh vector vbase copy constructor iterator'
EnableWindow
EncodePointer
EndDialog
EndPaint
england
english-american
english-aus
english-belize
english-can
english-caribbean
english-ire
english-jamaica
english-nz
english-south africa
english-trinidad y tobago
english-uk
english-us
english-usa
EnterCriticalSection
EnumChildWindows
EnumSystemLocalesA
ExitProcess
ExpandEnvironmentStringsW
expire
externals
extra1
extra2
extra3
failon302redirect
__fastcall
February
filecheck
fileName
FillRect
FindResourceW
fixHeight
- floating point support not loaded
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FreeEnvironmentStringsA
FreeEnvironmentStringsW
french-belgian
french-canadian
french-luxembourg
french-swiss
Friday
GAIsProcessorFeaturePresent
GDI32.dll
german-austrian
german-lichtenstein
german-luxembourg
german-swiss
GetACP
GetActiveWindow
GetAncestor
GetClientRect
GetCommandLineA
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetCPInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetCursorPos
GetDlgCtrlID
GetDlgItem
GetDlgItemTextW
GetEnvironmentStrings
GetEnvironmentStringsW
GetFileAttributesW
GetFileSize
GetFileType
GetLastActivePopup
GetLastError
GetLocaleInfoA
GetLocaleInfoW
GetMessageW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetObjectW
GetOEMCP
GetParent
GetProcAddress
GetProcessHeap
GetProcessWindowStation
GetPropW
GetStartupInfoA
GetStdHandle
GetStockObject
GetStringTypeA
GetStringTypeW
GetSysColorBrush
GetSystemTimeAsFileTime
GetTempFileNameW
GetTempPathW
GetTextExtentPoint32W
GetTickCount
GetUserDefaultLCID
GetUserObjectInformationA
GetVersionExW
GetWindowLongW
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
(Go Daddy Class 2 Certification Authority0
GoDaddy.com, Inc.1301
'Go Daddy Secure Certification Authority1
great britain
hcenter
header1
header2
header3
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
HH:mm:ss
holland
hong-kong
*http://certificates.godaddy.com/repository0
+http://certificates.godaddy.com/repository/0
*http://certificates.godaddy.com/repository100.
>http://certificates.godaddy.com/repository/gd_intermediate.crt0
"http://crl.godaddy.com/gds5-16.crl0S
http://ocsp.godaddy.com0F
http://ocsp.godaddy.com/0J
hybridFileName
hybridUrl
images
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
introscreen
InvalidateRect
invalid map/set<T> iterator
invalid string position
ios_base::badbit set
ios_base::eofbit set
ios_base::failbit set
irish-english
IsDebuggerPresent
IsDialogMessageW
IsDlgButtonChecked
IsValidCodePage
IsValidLocale
IsWindow
italian-swiss
$iTXtXML:com.adobe.xmp
JanFebMarAprMayJunJulAugSepOctNovDec
January
KERNEL32
KERNEL32.dll
KillTimer
launch-params
launch-type
launchValidation
LC_ALL
LC_COLLATE
LC_CTYPE
LCMapStringA
LCMapStringW
LC_MONETARY
LC_NUMERIC
LC_TIME
LeaveCriticalSection
leftBorder
line%d
LoadCursorW
LoadIconW
LoadLibraryA
LoadLibraryW
LoadResource
`local static guard'
`local static thread guard'
`local vftable'
`local vftable constructor closure'
LockResource
lstrcatW
lstrcmpiA
lstrcmpiW
lstrcpynW
lstrcpyW
lstrlenA
lstrlenW
mainbundle
maincheckbox
`managed vector constructor iterator'
`managed vector copy constructor iterator'
`managed vector destructor iterator'
map/set<T> too long
MapWindowPoints
masteraction
masterrun
masterstart
maxiget
MessageBeep
MessageBoxA
MessageBoxW
metalink
</metalink>
metaurl
Microsoft Visual C++ Runtime Library
MM/dd/yy
Monday
MoveFileW
MoveWindow
MSIMG32.dll
MultiByteToWideChar
 new[]
New IT Limited0
New IT Limited1
new-zealand
Nicosia1
norwegian
norwegian-bokmal
norwegian-nynorsk
Norwegian-Nynorsk
- not enough space for arguments
- not enough space for environment
- not enough space for locale information
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
(null)
October
offset
ole32.dll
`omni callsig'
operator
__pascal
PathFileExistsW
PathIsDirectoryW
PathRemoveFileSpecW
PathRenameExtensionW
PathStripPathW
`placement delete closure'
`placement delete[] closure'
Please contact the application's support team for more information.
policy
policytext
portuguese-brazilian
postchecktimeout
PostMessageW
PostQuitMessage
pr china
pr-china
Program: 
<program name unknown>
__ptr64
puerto-rico
- pure virtual function call
QueryPerformanceCounter
radiocustom
radioquick
RaiseException
`.rdata
ReadFile
regcheck
regcheck_notexists
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
ReleaseDC
@.reloc
RemovePropW
        <requestedExecutionLevel level="requireAdministrator" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
      <requestedPrivileges>
requestLabel
__restrict
RtlUnwind
runtime error 
Runtime Error!
<!--%s-->
<?%s?>
Saturday
`scalar deleting destructor'
Scottsdale1
ScreenToClient
    </security>
    <security>
SelectObject
SendMessageW
September
SetBkMode
SetCursor
SetDlgItemTextW
SetEndOfFile
SetEvent
SetFilePointer
SetFocus
SetHandleCount
SetLastError
SetPropW
SetStdHandle
SetTextColor
SetTimer
SetUnhandledExceptionFilter
SetWindowLongW
SetWindowPos
SetWindowTextW
SHBrowseForFolder
SHCreateDirectoryExW
SHCreateStreamOnFileEx
SHELL32.dll
ShellExecuteExW
Shell_NotifyIconW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHLWAPI.dll
SHOpenFolderAndSelectItems
SHOpenWithDialog
ShowWindow
silent
SING error
SizeofResource
slovak
south africa
south-africa
south korea
south-korea
spanish-argentina
spanish-bolivia
spanish-chile
spanish-colombia
spanish-costa rica
spanish-dominican republic
spanish-ecuador
spanish-el salvador
spanish-guatemala
spanish-honduras
spanish-mexican
spanish-modern
spanish-nicaragua
spanish-panama
spanish-paraguay
spanish-peru
spanish-puerto rico
spanish-uruguay
spanish-venezuela
startrightafterskip
stats-url
stats-url2
__stdcall
`string'
string too long
StrStrIW
StrToIntExW
subidlaunch
Sunday
SunMonTueWedThuFriSat
svnup.sh
swedish-finland
TerminateProcess
tEXtSoftware
The Go Daddy Group, Inc.110/
This application has requested the Runtime to terminate it in an unusual way.
__thiscall
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
!This program cannot be run in DOS mode.
Thursday
tinyxml2::XMLDocument error id=%d str1=%s str2=%s
TLOSS error
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
topBorder
TrackPopupMenuEx
TranslateMessage
trinidad & tobago
trinity.3.3.3
trinity.3.3.4
trinity.3.3.6
trinity.3.3.7
trinity.void.v3
  </trustInfo>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
Tuesday
 Type Descriptor'
`typeof'
`udt returning'
- unable to initialize heap
- unable to open console device
__unaligned
- unexpected heap error
- unexpected multithread lock error
UnhandledExceptionFilter
UNICODE
uninstall
uniquescreen
united-kingdom
united-states
universal.catalina.v3
universal.luftix.v3
universal.newit.v3
universal.v3
Unknown exception
UpdateWindow
url_download_method
url_params
USER32.dll
USER32.DLL
UTF-16LE
`vbase destructor'
`vbtable'
`vcall'
vcenter
`vector constructor iterator'
`vector copy constructor iterator'
`vector deleting destructor'
`vector destructor iterator'
vector<T> too long
`vector vbase constructor iterator'
`vector vbase copy constructor iterator'
`vftable'
virgin
VirtualAlloc
`virtual displacement map'
VirtualFree
WaitForMultipleObjects
WaitForSingleObject
Wednesday
WICConvertBitmapSource
WideCharToMultiByte
WindowsCodecs.dll
WinHttpAddRequestHeaders
WinHttpCloseHandle
WinHttpConnect
WinHttpCrackUrl
WINHTTP.dll
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpOpen
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetOption
WinHttpSetStatusCallback
WinHttpSetTimeouts
WinHttpWriteData
wintitle
WriteConsoleA
WriteConsoleW
WriteFile
xml version="1.0"
<?xml version="1.0" encoding="UTF-8"?>
xml version="1.0" encoding="UTF-8"
<?xpacket begin="