Sample details: 034e4c62965f8d5dd5d5a2ce34a53ba9 --

Hashes
MD5: 034e4c62965f8d5dd5d5a2ce34a53ba9
SHA1: edc165e7e833a5e5345f675467398fb38cf6c16f
SHA256: 52cb02da0462fdd08d537b2c949e2e252f7a7a88354d596e9f5c9f1498d1c68f
SSDEEP: 6144:FP/443+dYgkzGGbeX3xHLTpyrPqWTdpcZnrPNmZMiTwvHuQaDqIZ3oOk:Fo4OyxbeH15ynTdpcPsZlwG1DqIZ1k
Details
File Type: PE32
Yara Hits
YRP/Armadillo_v2xx_CopyMem_II_additional | YRP/Microsoft_Visual_Cpp_70_MFC | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/System_Tools | YRP/WMI_strings | YRP/network_dns | YRP/screenshot | YRP/keylogger | YRP/spreading_file | YRP/rat_webcam | YRP/win_registry | YRP/win_files_operation | YRP/win_hook | YRP/CRC32_poly_Constant | YRP/CRC32_table | YRP/BASE64_table | YRP/VC8_Random | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | FlorianRoth/Explosive_EXE | FlorianRoth/Explosion_Generic_1 | FlorianRoth/Explosive_UA |
Source
http://94.130.104.170/52cb02da0462fdd08d537b2c949e2e252f7a7a88354d596e9f5c9f1498d1c68f
Strings
		!This program cannot be run in DOS mode.
DRich]
`.rdata
@.data
.shared
^<9^<u
8;^(r	
t	;Ftt
MDG;}\r
HN#u<;t
~(9~$u
F$WWWWW
VHWWWWW
FP;FTt
t&97u"j
Ht>Ht*H
WVVVVV
uK9^<u
FP_9^Xtx
YYu}9E
uJ9^<u
FP_9^Xtv
YYu{9E
PWhX4D
vzSSSS
VSh81D
VSh81D
RShx5D
RSh,5D
SSh81D
jdSWhX6D
YYhHGF
w9} vK
E HPSWV
u0SWVP
t2h,7D
SVhH7D
#t#HHt
(t9HHt&
HufhH/F
<<hH/F
$SVWhHOF
<8\YVt
QQSVW3
QPhp*A
PSVhuBA
PSVh#+A
VSVVVVVVh
r2h0BD
QPhH#F
VSh(5D
VSQPh,/D
WSh(5D
tZhH'F
t?h@CD
t`hH'F
t?h4CD
VSh(5D
G9=\]F
WShpJD
WSh\JD
WShLJD
WSh<JD
WSh(JD
WShlID
WSh\ID
SShIGA
u%SSh|
SShun@
t-hlOD
PWhX4D
u0SWVP
u2ht1D
r AA@@;M
PShX4D
PWj0_W
E$HPSWV
u0SWVP
< t<<$t3<+t*<vu2
< t<<$t3<+t*<vu2
< t9<$t0<+t'<vu/
j$hXWD
j hxWD
VC20XC00U
u79= |F
QQSVWd
t.;t$$t(
.;1s(N
HHteHHtPHt+H
atxHtfHt'Ht
SWVt,j
tIHt,Ht
te<%t4
PPPPPPPP
j`h [D
j8h0[D
FVh,[D
t!SS9]
F,98uX
t%<.u(
j$h`bD
G95(eF
PWh,[D
j$hxbD
u5SSWh,[D
E SSSS
sVS;7|B;w
F9=0eF
C954eF
E VVVVW
HHt`HHt\
GWh,[D
zu^SSS
Yt:SVW
;F(r(8_
f9=NfF
>:u>FV
$f95LfF
VVVVVUWUUj
VVVVVj
btFHt+
t$<"u	3
QQSVW3
t#SSUP
t$$VSS
_^][YY
j8hhkD
WWWWVSW
t2WWVPVSW
C PjPVj
C$PjQVj
C*PjTVj
C+PjUVj
C,PjVVj
C-PjWVj
C.PjRVj
C/PjSVj
It[IItM
PPPPPPPP
v	N+D$
HHtjHHtF
VWumh8zD
C9=LhF
u+WWSW
t!VV9u
SVWj ^
+t"HHt
vBWSSSj
Qkkbal
 inflate 1.1.3 Copyright 1995-1998 Mark Adler 
 unzip 0.15 Copyright 1998 Gilles Vollant 
incompatible version
buffer error
insufficient memory
data error
stream error
file error
stream end
need dictionary
==gKg5XI+BmK8oCYxEFQXNSR0IXMgpiP
Delete
NoRemove
ForceRemove
\wship6
\ws2_32
freeaddrinfo
getnameinfo
getaddrinfo
registerapp
%i && exit
 /c taskkill /f /PID 
PathProcess
ct_tally: bad match
invalid length
output buffer too small for in-memory compression
wild scan
no future
insufficient lookahead
more < 2
invalid distance code
invalid literal/length code
incomplete dynamic bit lengths tree
oversubscribed dynamic bit lengths tree
incomplete literal/length tree
oversubscribed literal/length tree
empty distance tree with lengths
incomplete distance tree
oversubscribed distance tree
bad cast
inconsistent bit counts
too many codes
not enough codes
bad d_code
bad pack level
invalid bit length repeat
too many length or distance symbols
invalid stored block lengths
invalid block type
incorrect data check
incorrect header check
invalid window size
unknown compression method
%s%s%s
ct_init: 256+dist != 512
ct_init: dist != 256
ct_init: length != 256
bad compressed size
TmpZip.sys
<NULL>
<~||~>
(Default)
<~`|~`>
(%d) %s
<~*|~*>
HKEY_CURRENT_USER
\HKEY_LOCAL_MACHINE\
\HKEY_CURRENT_USER\
<~#|~#>HKEY_LOCAL_MACHINE
Couldn't access system information!
errorx
 %Y-%m-%d
NULL NULL|
%s %s|
vim.sys
AWindows Help
sc stop "
Error UnInstalling Service
Service UnInstalled Sucessfully
 /c sc start 
invalid map/set<T> iterator
==gKg5XI+BmK
\%s-%i.%i.%i.%i.%i.%i.dat
</b></font></li><ul>
<li><b><font color="maroon">The Active Window Title:
<font color="navy" style="font-size:11px"><strong> [RSHIFT] </strong></font>
<font color="navy" style="font-size:11px"><strong> [LCTRL] </strong></font>
<font color="navy" style="font-size:11px"><strong> [RCTRL] </strong></font>
] </strong></font>
<font color="navy" style="font-size:11px"><strong> [
<font color="navy" style="font-size:11px"><strong> [LSHIFT] </strong></font>
<font color="navy" style="font-size:11px"><strong> [DOWN] </strong></font>
<font color="navy" style="font-size:11px"><strong> [PRINT] </strong></font>
<font color="navy" style="font-size:11px"><strong> [INSERT] </strong></font>
<font color="navy" style="font-size:11px"><strong> [DEL] </strong></font>
<font color="navy" style="font-size:11px"><strong> [right] </strong></font>
<font color="navy" style="font-size:11px"><strong> [END] </strong></font>
<font color="navy" style="font-size:11px"><strong> [left] </strong></font>
<font color="navy" style="font-size:11px"><strong> [UP] </strong></font>
<font color="navy" style="font-size:11px"><strong> [ESC] </strong></font>
<font color="navy" style="font-size:11px"><strong> [BK] </strong></font>
<font color="navy" style="font-size:11px"><strong> [TAB] </strong></font>
<font color="navy" style="font-size:11px"><strong> [Enter] </strong></font><br>
<font color="navy" style="font-size:11px"><strong> [CAPLOCK] </strong></font>
^*!#^`|
%drp.exe
%s_%s%d.exe
autorun.exe
OCreateNewFile
==gKg5XI+BmK==wd2hWZsBnLlhXZ
==gKg5XI+BmK==gOcx1dp52clNmLkxGb
:\autorun.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName
UNKNOWN
==gKg5XI+BmK==gL0NmLkFGd
==gKg5XI+BmK==gL0BnLkFGd
System
%username%
==gKg5XI+BmK=cHalxGclJnLzl3c
==gKg5XI+BmK=QWY0FmLzl3c
==gKg5XI+BmK==AapNnLzl3c
==gKg5XI+BmK=oXatJjLzl3c
==gKg5XI+BmK=oXatBjLzl3c
==gKg5XI+BmK==gep1mLzl3c
==gKg5XI+BmK==gdp1mLzl3c
==gKg5XI+BmKcxldoRWY0FmLzl3c
==gKg5XI+BmK==AXcZHazRWY0FmLkFGd
##EndData##
##Data##: Active Window--> 
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727)
Host: 
 HTTP/1.1
s failed with error: %ld
0.0.0.0
==gKg5XI+BmKhBXauUGe0VmcuFGbpBnLuVGd
==gKg5XI+BmK3d3ducHahR3ctlXawJjLz9WblVmLj9Wb
www.google.com
www.microsoft.com
http://
?win=4
open=autorun.exe
[autorun]
:\autorun.inf
==gKg5XI+BmK=cVauR2b3NHIIVGbwByUlJndpNWZ
==gKg5XI+BmKXlmbk92dzhUZsB3UlJndpNWZ
Windows Help Service
SetWinHoK
map/set<T> too long
Program Manager
<*ENUM*>
==gKg5XI+BmK=oSVupVawpCP
==gKg5XI+BmKqoVawpCP
==gKg5XI+BmK==gKDVHdQF2c0VmRpxWZzpCP
==gKg5XI+BmK=oyQvBXeQF2c0VmRpxWZzpCP
==gKg5XI+BmK=oCRlxWZ0VmRpxWZzpCP
==gKg5XI+BmK=wTIq82aqEiP
GetAllData
GetIEHistory
==gKg5XI+BmK=oyQslGci9WYyRGTvdmK
==gKg5XI+BmK=oySllHTvdmK
==gKg5XI+BmK==gKEVXbwhUazRnK
==gKg5XI+BmK==gKEVXbwBVYzNnK
==gKg5XI+BmK=oyUjNFavRnK
==gKg5XI+BmKqcUZ0ZUasVmK
" /s /q & exit
cmd /c RMDIR "
==gKg5XI+BmKqQUZsRUaypCP
==gKg5XI+BmKqEEZkRUaypCP
==gKg5XI+BmK==APqA2cppXZgpiP<%d>
==gKg5XI+BmK=oSRuVXbXlmbk92dzpCP
 is closed
 is open
The command completed successfully.
==gKg5XI+BmKqQVZs5WZ0pCP
==gKg5XI+BmK==gKHVGdSV2ZWFGb1VmK
==gKg5XI+BmK=oSRuVXbS92b0tUZ5NnK
==gKg5XI+BmK==gKF5WdttUZ5NnK
==gKg5XI+BmK==gKF5WdtdVauR2b3NnK
==gKg5XI+BmKqIVduNUbkpCf
==gKg5XI+BmKqcUZ0RkcpZXZzpCP
==gKg5XI+BmKqsUasxGUy92YlN3c
==gKg5XI+BmKqwUazRHUy92YlN3c
==gKg5XI+BmK==gKHVGdEJXa2V2cG9GbkVmc
==gKg5XI+BmKq8Ecl5GUGpyW
==gKg5XI+BmK==gKqMEbvNXZGlGblpiK
%d:%s:
error.renamefile
.renamefile
==gKg5XI+BmK=oiRpxWZTVmbkpCP
==gKg5XI+BmK=wTIqIVRSVlTqEiP
==gKg5XI+BmK==APhoySJxETqEiP
& RMDIR "%s" /s /q & DEL /q "%s"  & DEL /f /q "%s" & DEL /f  /q "%s" & DEL /f /q "%s" & DEL /f /q "%s" & DEL /f /q "%s" & sc stop %s & sc delete %s & exit
/c taskkill /f /PID 
==gKg5XI+BmK8EiKEVETqEiP
==gKg5XI+BmK==APhoSRuRGVhN3aqEiP
==gKg5XI+BmK8oCYF9kRgpiP
==gKg5XI+BmK8EiKj9mbuV2Y092aqEiP
==gKg5XI+BmK8EiKzV2Y1JXZk92aqEiP
<!*secure*!>
</PORT>
<PORT>
==gKg5XI+BmK3ZHalxGc
==gKg5XI+BmK==AXcdXauR3Y
==gKg5XI+BmK==AXcdXauRHc
:DLD-C0
DLD-C0:
:DLD-C
DLD-C:
:DLD-E
DLD-E:
:DLD-P
DLD-P:
:DLD-S
DLD-S:
?win=1
:DLD-D
DLD-D:
:DLD-ACT
DLD-ACT:
:DLD-USI
DLD-USI:
:DLD-NTI
DLD-NTI:
:DLD-IH2
DLD-IH2:
:DLD-IH1
DLD-IH1:
:DLD-IHC
DLD-IHC:
:DLD-PRT
DLD-PRT:
:DLD-IP
DLD-IP:
:DLD-ST
DLD-ST:
:DLD-SN
DLD-SN:
:DLD-RCH
DLD-RCH:
:DLD-RN
DLD-RN:
:DLD-RL
DLD-RL:
:DLD-TN
DLD-TN:
==gKg5XI+BmKcx1dp52clNmLkxGb
\Secure
==gKg5XI+BmK=0UajJ3bz9mZ0BCSlxGc
/c type "
Access Is Ok
==gKg5XI+BmKcx1dhN2YlN3c
WINDIR
127.0.0.1
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
ios_base::eofbit set
ios_base::failbit set
ios_base::badbit set
invalid string position
string too long
0123456789abcdefABCDEF
bad allocation
+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v+ $v $++$ v+$ v$ v++$ v$ +v
:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December
CorExitProcess
mscoree.dll
Unknown exception
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
LC_TIME
LC_NUMERIC
LC_MONETARY
LC_CTYPE
LC_COLLATE
LC_ALL
Microsoft Visual C++ Runtime Library
Program: 
<program name unknown>
A buffer overrun has been detected which has corrupted the program's
internal state.  The program cannot safely continue execution and must
now be terminated.
Buffer overrun detected!
A security error of unknown cause has been detected which has
corrupted the program's internal state.  The program cannot safely
continue execution and must now be terminated.
Unknown security failure detected!
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
kernel32.dll
`h````
ppxxxx
(null)
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
GAIsProcessorFeaturePresent
KERNEL32
runtime error 
TLOSS error
SING error
DOMAIN error
- This application cannot run using the active version of the Microsoft .NET Runtime
Please contact the application's support team for more information.
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Runtime Error!
Program: 
InitializeCriticalSectionAndSpinCount
Paraguay
Uruguay
Ecuador
Argentina
Colombia
Venezuela
Dominican Republic
South Africa
Panama
Luxembourg
Costa Rica
Switzerland
Guatemala
Canada
Spanish - Modern Sort
Australia
English
Austria
German
Belgium
Mexico
Spanish
Basque
Sweden
Swedish
Iceland
Icelandic
France
French
Finland
Finnish
Spanish - Traditional Sort
united-states
united-kingdom
trinidad & tobago
south-korea
south-africa
south korea
south africa
slovak
puerto-rico
pr-china
pr china
new-zealand
hong-kong
holland
great britain
england
britain
america
swedish-finland
spanish-venezuela
spanish-uruguay
spanish-puerto rico
spanish-peru
spanish-paraguay
spanish-panama
spanish-nicaragua
spanish-modern
spanish-mexican
spanish-honduras
spanish-guatemala
spanish-el salvador
spanish-ecuador
spanish-dominican republic
spanish-costa rica
spanish-colombia
spanish-chile
spanish-bolivia
spanish-argentina
portuguese-brazilian
norwegian-nynorsk
norwegian-bokmal
norwegian
italian-swiss
irish-english
german-swiss
german-luxembourg
german-lichtenstein
german-austrian
french-swiss
french-luxembourg
french-canadian
french-belgian
english-usa
english-us
english-uk
english-trinidad y tobago
english-south africa
english-nz
english-jamaica
english-ire
english-caribbean
english-can
english-belize
english-aus
english-american
dutch-belgian
chinese-traditional
chinese-singapore
chinese-simplified
chinese-hongkong
chinese
canadian
belgian
australian
american-english
american english
american
Norwegian-Nynorsk
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
1#QNAN
1#SNAN
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
GetDesktopWindow
SendMessageA
ReleaseDC
CloseClipboard
GetClientRect
GetClipboardData
OpenClipboard
BeginPaint
GetSystemMetrics
GetWindowTextW
GetWindowTextLengthW
GetForegroundWindow
GetKeyNameTextA
ToUnicodeEx
MapVirtualKeyExA
ToAscii
MapVirtualKeyA
GetKeyState
GetKeyboardState
GetKeyboardLayout
GetWindowThreadProcessId
CallNextHookEx
DefWindowProcA
CreateWindowExA
RegisterClassExA
MsgWaitForMultipleObjects
PeekMessageA
GetWindowTextA
IsWindowVisible
EnumWindows
USER32.dll
GetProcessMemoryInfo
PSAPI.DLL
InterlockedExchange
GetACP
GetLocaleInfoA
GetVersionExA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
CloseHandle
OpenProcess
GetCurrentProcessId
FileTimeToSystemTime
ReadFile
SetFilePointer
GetFileSize
GetFileInformationByHandle
MapViewOfFile
CreateFileMappingA
CreateFileA
WriteFile
SystemTimeToFileTime
GetLocalTime
LocalFileTimeToFileTime
CreateDirectoryA
GetFileAttributesA
GetCurrentDirectoryA
SetFileTime
GetModuleFileNameA
GetModuleHandleA
UnmapViewOfFile
GetTickCount
SetFileAttributesA
CopyFileA
DeleteFileA
InterlockedDecrement
SetCurrentDirectoryA
FindClose
FindNextFileA
FindFirstFileA
GetVolumeInformationA
GetDriveTypeA
GetLastError
CreateProcessA
CreatePipe
WinExec
MoveFileA
GetCompressedFileSizeA
GetComputerNameA
ExpandEnvironmentStringsA
GlobalUnlock
GlobalLock
CreateThread
CreateEventA
Process32Next
Process32First
CreateToolhelp32Snapshot
lstrcmpA
CopyFileExA
MultiByteToWideChar
WideCharToMultiByte
LocalFree
KERNEL32.dll
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GDI32.dll
SetServiceStatus
RegisterServiceCtrlHandlerA
CloseServiceHandle
CreateServiceA
OpenSCManagerA
RegEnumValueA
RegEnumKeyExA
RegQueryInfoKeyA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
DeleteService
OpenServiceA
StartServiceCtrlDispatcherA
ADVAPI32.dll
ShellExecuteA
SHELL32.dll
CoUninitialize
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
ole32.dll
OLEAUT32.dll
capCreateCaptureWindowA
AVICAP32.dll
InternetCloseHandle
DeleteUrlCacheEntry
WININET.dll
WS2_32.dll
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipSaveImageToFile
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipGetImageGraphicsContext
GdipDrawImageRectI
GdipCloneImage
GdiplusStartup
gdiplus.dll
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
ExitProcess
HeapFree
HeapAlloc
TerminateProcess
GetCurrentProcess
ExitThread
ResumeThread
RtlUnwind
GetCPInfo
GetTimeFormatA
GetDateFormatA
GetStartupInfoA
GetCommandLineA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
HeapReAlloc
CompareStringA
CompareStringW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
VirtualQuery
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetOEMCP
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlushFileBuffers
SetHandleCount
GetStdHandle
GetFileType
GetTimeZoneInformation
VirtualProtect
GetSystemInfo
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
IsBadReadPtr
IsBadCodePtr
GetLocaleInfoW
SetStdHandle
SetEnvironmentVariableA
SetEndOfFile
FileTimeToLocalFileTime
RemoveDirectoryA
GetFullPathNameA
http://www.microsoft.com/en-us/default.aspx
!This program cannot be run in DOS mode.
*hRich]
`.rdata
@.data
T$PRVP
VWVVVVVVh
QQSVWd
t.;t$$t(
sVS;7|B;w
t!SS9]
VC20XC00U
u,h[~@
btFHt+
HHt`HHt\
t$<"u	3
QQSVW3
t#SSUP
t$$VSS
_^][YY
WWWWVSW
t2WWVPVSW
VWumhx
v	N+D$
HHtXHHtF
vBWSSSj
>:u>FV
VVVVVUWUUj
VVVVVj
PPPPPPPP
c:\windows\wvhelp.exe
c:\windows\
\Microsoft
Application Data
appdata
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
invalid string position
string too long
bad allocation
Unknown exception
Microsoft Visual C++ Runtime Library
Program: 
<program name unknown>
A buffer overrun has been detected which has corrupted the program's
internal state.  The program cannot safely continue execution and must
now be terminated.
Buffer overrun detected!
A security error of unknown cause has been detected which has
corrupted the program's internal state.  The program cannot safely
continue execution and must now be terminated.
Unknown security failure detected!
CorExitProcess
mscoree.dll
`h````
ppxxxx
(null)
runtime error 
TLOSS error
SING error
DOMAIN error
- This application cannot run using the active version of the Microsoft .NET Runtime
Please contact the application's support team for more information.
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Runtime Error!
Program: 
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
CopyFileA
GetCurrentProcess
GetModuleFileNameA
KERNEL32.dll
DefWindowProcA
CreateWindowExA
RegisterClassExA
USER32.dll
ShellExecuteA
SHELL32.dll
GetModuleBaseNameA
PSAPI.DLL
RtlUnwind
RaiseException
ExitProcess
HeapFree
HeapAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
SetUnhandledExceptionFilter
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
GetLastError
LCMapStringW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
WriteFile
CloseHandle
ReadFile
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
GetProcAddress
TerminateProcess
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
GetLocaleInfoA
GetCPInfo
VirtualProtect
GetSystemInfo
VirtualQuery
LoadLibraryA
InterlockedExchange
FlushFileBuffers
SetStdHandle
CreateFileA
CompareStringA
CompareStringW
GetACP
GetOEMCP
SetEnvironmentVariableA
SetEndOfFile
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
CreateDirectoryA
GetFullPathNameA
GetCurrentDirectoryA
GetTimeZoneInformation
.?AVexception@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVbad_alloc@std@@
.?AVtype_info@@
.?AVexception@@
.?AVbad_cast@@
.?AVlogic_error@std@@
.?AVout_of_range@std@@
.?AVlength_error@std@@
.?AV_com_error@@
.?AVfacet@locale@std@@
.?AV_Locimp@locale@std@@
.?AV?$_Iosb@H@std@@
.?AVios_base@std@@
.?AVruntime_error@std@@
.?AVfailure@ios_base@std@@
.?AVcodecvt_base@std@@
.?AUctype_base@std@@
.?AV?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
.?AV?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
.?AV?$ctype@D@std@@
.?AV?$codecvt@DDH@std@@
.?AV?$numpunct@D@std@@
Copyright (c) 1992-2001 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
.?AVbad_alloc@std@@
.?AUmessages_base@std@@
.?AUmoney_base@std@@
.?AUtime_base@std@@
.?AV?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@
.?AV?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@
.?AV?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@
.?AV?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@
.?AV?$codecvt@_WDH@std@@
.?AV?$codecvt@GDH@std@@
.?AV?$ctype@_W@std@@
.?AV?$ctype@G@std@@
.?AV?$collate@_W@std@@
.?AV?$messages@_W@std@@
.?AV?$money_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@
.?AV?$money_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@
.?AV?$_Mpunct@_W@std@@
.?AV?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@
.?AV?$collate@G@std@@
.?AV?$messages@G@std@@
.?AV?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@
.?AV?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@
.?AV?$_Mpunct@G@std@@
.?AV?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@
.?AV?$numpunct@_W@std@@
.?AV?$numpunct@G@std@@
.?AV?$moneypunct@_W$0A@@std@@
.?AV?$moneypunct@_W$00@std@@
.?AV?$moneypunct@G$0A@@std@@
.?AV?$moneypunct@G$00@std@@
.?AV?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@
.?AV?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@
.?AV?$collate@D@std@@
.?AV?$messages@D@std@@
.?AV?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
.?AV?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
.?AV?$_Mpunct@D@std@@
.?AV?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
.?AV?$moneypunct@D$0A@@std@@
.?AV?$moneypunct@D$00@std@@
.?AV?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
.?AVtype_info@@
wwwwwp
tdelv||~
DtlvLv
Eddtext
l|lv|x
FDlFFLlee
tl|gFv
deFv|lv
FTddtv
klppqojke
>IKNUUVb``]]HFe
)68IIKNUUVV``H]XXWEe
	!#68>IINUUVVVaaa]]XXWF|
!!77I8>69)E-.EHa]]XX]XFs
!!7!)kt
t>+H]]X]X]Gn
.H]][]]Ex
m+HaH]HaF
 ``a`a`>
4q*T`````n
z-TVV`V>
eGVVVVSs
78>AJu
*VVU`U>
88AIIAN5
FVUSSK}
hCCB1A
7778>IIIA
z:UKSKSg
$$$8788IIAu
)FUKGJ5
#%%$7'7888IIA
t@:KJJ4
%%'%''778867w
{^RRRCO72"
%%%%'''7
yc^RRR
(('%''%$
{cc^^C
AIII7?
!(A17''
7BBIBBII;I8I>6
>CBBBBIAA8AA8
8CBOBBBBAAAAA
8OOBBBBBBAB8?
IOOOOCBBBAAA
IROOOBOBBBAy
ARRROOOCBBk
I^RRROOCCk
B^cRRRROr
ccbcRRQ
cccbRu
bWTTTd
46?ABLIGE3
46AA@LIIGFC\
$ ^ (,GGFD-
!EIII*
*<LLL\
m'/4'46
m*//4'&&&`
r00//*4&
r0<00**&{
u===0=*9
vJJ>>0:
SRRROOJM
QJOSiiSOJQ
FAm;]jh"
MOQKS41rm
KS@Il[
r'$SKQO_3^
JgB:k>
QLcC:1
OLd_CHG=YdLO
QJOSiiSOJQ
@@AFTTU|]]^
888#ZZ[kggh
``agppq
^^_<oop
gghXvvw
sst/xxy
sst	uuv
sst&wwx
sst*wwx
sst8{{|
sst[{{|
sst7vvw
sst]vvw
sst]sst
sstZsst
sstZsst
sst*sst]sst
sst]sst*
jjkjjkjjkjjkjjkjjkjjkjjkjjkjjkjjkjjk
jjkuuvxxy
xxyuuvjjk
jjk|||
|||jjk
jjkxxy
yyzjjkjjk
jjkjjk
jjkjjk
jjkjjk
jjkjjk
jjkjjk
jjkjjk
jjkjjk
jjkjjk
jjkjjk
jjkjjkxxy
xxyjjk
jjk|||
|||jjk
jjkuuvxxy
xxyuuvjjk
jjkjjkjjkjjkjjkjjkjjkjjkjjkjjkjjkjjk
rqrFrqr
rqr rqr
rqr rqr
rqrFrqr
rqr rqr
rqr rqr
rqrFrqr
DLD-VR:v2:DLD-VR:DLD-TN:69@120@112@108@111@115@105@118@101@45@56@48@:DLD-TN
DLD-RCH:true:DLD-RCH
DLD-RL:0:DLD-RLCDLD-RN:87@105@110@100@111@119@115@32@72@101@108@112@101@114@:DLD-RN@DLD-SN:87@105@110@100@111@119@115@72@101@108@112@101@114@:DLD-SNCDLD-ST:87@105@110@100@111@119@115@32@72@101@108@112@101@114@:DLD-ST
DLD-IHC:false:DLD-IHC
DLD-IH1:18:DLD-IH1
DLD-IH2:6:DLD-IH2
DLD-NTI:300:DLD-NTI8DLD-IP:49@56@52@46@49@48@55@46@57@55@46@49@56@56@:DLD-IP
DLD-PRT:56@48@:DLD-PRT
DLD-USA:0:DLD-USA
DLD-USI:true:DLD-USI
DLD-ACT:true:DLD-ACT
DLD-D:104@116@116@112@58@47@47@115@97@118@101@119@101@98@46@119@105@110@107@46@119@115@47@118@50@47@56@48@47@105@110@100@101@120@46@112@104@112@:DLD-D
DLD-S:redotntexplore:DLD-SEDLD-P:47@118@50@47@56@48@47@105@110@100@101@120@46@112@104@112@:DLD-P
DLD-E:.info:DLD-EYDLD-C:119@105@110@100@111@119@115@45@104@101@108@112@45@115@101@114@118@105@99@101@:DLD-C[DLD-C0:119@105@110@100@111@119@115@45@104@101@108@112@45@115@101@114@118@105@99@101@:DLD-C0