Sample details: 2b9106e8df3aa98c3654a4e0733d83e7 --

Hashes
MD5: 2b9106e8df3aa98c3654a4e0733d83e7
SHA1: db5b0f6256a2e68acffd14c4946971e2e9e90bfb
SHA256: 03641e5632673615f23b2a8325d7355c4499a40f47b6ae094606a73c56e24ad0
SSDEEP: 6144:4f/4UN9ltp0rG8V26R7aJO4n0Bu0hqFbQmt1dPHmeuQaDqIZ3eiRH3AdKy9HGeol:4YUrfJI7CO4Jb7t1dq1DqIZyjmNl
Details
File Type: PE32
Yara Hits
YRP/Armadillo_v2xx_CopyMem_II_additional | YRP/Microsoft_Visual_Cpp_70_MFC | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/System_Tools | YRP/WMI_strings | YRP/network_dns | YRP/screenshot | YRP/keylogger | YRP/spreading_file | YRP/rat_webcam | YRP/win_registry | YRP/win_files_operation | YRP/win_hook | YRP/CRC32_poly_Constant | YRP/CRC32_table | YRP/BASE64_table | YRP/VC8_Random | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | FlorianRoth/Explosive_EXE | FlorianRoth/Explosion_Generic_1 | FlorianRoth/Explosive_UA |
Source
http://94.130.104.170/03641e5632673615f23b2a8325d7355c4499a40f47b6ae094606a73c56e24ad0
Strings
		!This program cannot be run in DOS mode.
DRich]
`.rdata
@.data
.shared
^<9^<u
8;^(r	
t	;Ftt
MDG;}\r
HN#u<;t
~(9~$u
F$WWWWW
VHWWWWW
FP;FTt
t&97u"j
Ht>Ht*H
WVVVVV
uK9^<u
FP_9^Xtx
YYu}9E
uJ9^<u
FP_9^Xtv
YYu{9E
PWhX4D
vzSSSS
VShD1D
VShD1D
RShx5D
RSh,5D
SShD1D
jdSWh`6D
YYh(GF
w9} vK
E HPSWV
u0SWVP
t2h47D
SVhP7D
#t#HHt
(t9HHt&
Hufh(/F
<<h(/F
L$,_^][d
<8\YVt
QQSVW3
VSVVVVVVh
QPh(#F
VSh(5D
VSQPh8/D
SSh._@
WSh(5D
tZh('F
t?h DD
t&SSh._@
t`h('F
t&SSh._@
VSh(5D
SSh:`@
WShpKD
WSh\KD
WShLKD
WSh<KD
WSh(KD
WShlJD
WSh\JD
t-hlPD
PWhX4D
u0SWVP
r AA@@;M
PShX4D
PWj0_W
E$HPSWV
u0SWVP
< t<<$t3<+t*<vu2
< t<<$t3<+t*<vu2
< t9<$t0<+t'<vu/
j$hXXD
j hxXD
VC20XC00U
u%9=xeF
u,h?`C
QQSVWd
t.;t$$t(
.;1s(N
HHteHHtPHt+H
atxHtfHt'Ht
SWVt,j
tIHt,Ht
te<%t4
PPPPPPPP
j`h \D
j8h0\D
FVh >D
t!SS9]
F,98uX
t%<.u(
j$h`cD
PWh >D
j$hxcD
u5SSWh >D
E SSSS
sVS;7|B;w
E VVVVW
HHt`HHt\
GWh >D
zu^SSS
Yt:SVW
;F(r(8_
f9=&fF
f9=zfF
>:u>FV
f95xfF
$f95$fF
VVVVVUWUUj
VVVVVj
btFHt+
t$<"u	3
QQSVW3
t#SSUP
t$$VSS
_^][YY
j8hhlD
WWWWVSW
t2WWVPVSW
C PjPVj
C$PjQVj
C*PjTVj
C+PjUVj
C,PjVVj
C-PjWVj
C.PjRVj
C/PjSVj
It[IItM
PPPPPPPP
v	N+D$
HHtjHHtF
VWumh8{D
C9=$hF
u+WWSW
t!VV9u
SVWj ^
+t"HHt
vBWSSSj
Qkkbal
 inflate 1.1.3 Copyright 1995-1998 Mark Adler 
 unzip 0.15 Copyright 1998 Gilles Vollant 
incompatible version
buffer error
insufficient memory
data error
stream error
file error
stream end
need dictionary
==gKg5XI+BmK8oCYxEFQXNSR0IXMgpiP
Delete
NoRemove
ForceRemove
\wship6
\ws2_32
freeaddrinfo
getnameinfo
getaddrinfo
OpenClipFn
registerapp
%i && exit
 /c taskkill /f /PID 
PathProcess
ct_tally: bad match
invalid length
output buffer too small for in-memory compression
wild scan
no future
insufficient lookahead
more < 2
invalid distance code
invalid literal/length code
incomplete dynamic bit lengths tree
oversubscribed dynamic bit lengths tree
incomplete literal/length tree
oversubscribed literal/length tree
empty distance tree with lengths
incomplete distance tree
oversubscribed distance tree
bad cast
inconsistent bit counts
too many codes
not enough codes
bad d_code
bad pack level
invalid bit length repeat
too many length or distance symbols
invalid stored block lengths
invalid block type
incorrect data check
incorrect header check
invalid window size
unknown compression method
%s%s%s
ct_init: 256+dist != 512
ct_init: dist != 256
ct_init: length != 256
bad compressed size
<NULL>
<~||~>
(Default)
<~`|~`>
(%d) %s
<~*|~*>
HKEY_CURRENT_USER
\HKEY_LOCAL_MACHINE\
\HKEY_CURRENT_USER\
<~#|~#>HKEY_LOCAL_MACHINE
Couldn't access system information!
errorx
 %Y-%m-%d
NULL NULL|
%s %s|
vim.sys
AWindows Help
sc stop "
Error UnInstalling Service
Service UnInstalled Sucessfully
 /c sc start 
invalid map/set<T> iterator
==gKg5XI+BmK
\%s-%i.%i.%i.%i.%i.%i.dat
</b></font></li><ul>
<li><b><font color="maroon">The Active Window Title:
<font color="navy" style="font-size:11px"><strong> [RSHIFT] </strong></font>
<font color="navy" style="font-size:11px"><strong> [LCTRL] </strong></font>
<font color="navy" style="font-size:11px"><strong> [RCTRL] </strong></font>
] </strong></font>
<font color="navy" style="font-size:11px"><strong> [
<font color="navy" style="font-size:11px"><strong> [LSHIFT] </strong></font>
<font color="navy" style="font-size:11px"><strong> [DOWN] </strong></font>
<font color="navy" style="font-size:11px"><strong> [PRINT] </strong></font>
<font color="navy" style="font-size:11px"><strong> [INSERT] </strong></font>
<font color="navy" style="font-size:11px"><strong> [DEL] </strong></font>
<font color="navy" style="font-size:11px"><strong> [right] </strong></font>
<font color="navy" style="font-size:11px"><strong> [END] </strong></font>
<font color="navy" style="font-size:11px"><strong> [left] </strong></font>
<font color="navy" style="font-size:11px"><strong> [UP] </strong></font>
<font color="navy" style="font-size:11px"><strong> [ESC] </strong></font>
<font color="navy" style="font-size:11px"><strong> [BK] </strong></font>
<font color="navy" style="font-size:11px"><strong> [TAB] </strong></font>
<font color="navy" style="font-size:11px"><strong> [Enter] </strong></font><br>
<font color="navy" style="font-size:11px"><strong> [CAPLOCK] </strong></font>
TmpZip.sys
==gKg5XI+BmK90TUyMDN1YTWI5kQkUjN
^*!#^`|
%drp.exe
%s_%s%d.exe
autorun.exe
OCreateNewFile
==gKg5XI+BmK==wd2hWZsBnLlhXZ
==gKg5XI+BmK==gOcx1dp52clNmLkxGb
:\autorun.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName
UNKNOWN
==gKg5XI+BmK==gL0NmLkFGd
==gKg5XI+BmK==gL0BnLkFGd
System
%username%
==gKg5XI+BmK=cHalxGclJnLzl3c
==gKg5XI+BmK=QWY0FmLzl3c
==gKg5XI+BmK==AapNnLzl3c
==gKg5XI+BmK=oXatJjLzl3c
==gKg5XI+BmK=oXatBjLzl3c
==gKg5XI+BmK==gep1mLzl3c
==gKg5XI+BmK==gdp1mLzl3c
==gKg5XI+BmKcxldoRWY0FmLzl3c
==gKg5XI+BmK==AXcZHazRWY0FmLkFGd
##EndData##
##Data##: Active Window--> 
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727)
Host: 
 HTTP/1.1
s failed with error: %ld
0.0.0.0
==gKg5XI+BmKhBXauUGe0VmcuFGbpBnLuVGd
==gKg5XI+BmK3d3ducHahR3ctlXawJjLz9WblVmLj9Wb
==gKg5XI+BmK=0WYrR3bvJmL5FGav9mLj9Wb
==gKg5XI+BmK3d3duIWaudmLj9Wb
==gKg5XI+BmK==wZv92ZsVmLj9Wb
==gKg5XI+BmK=c3d35SbpNmcvN3bmRnLj9Wb
==gKg5XI+BmK==QbpNmcvN3bmRnLj9Wb
http://
?win=4
open=autorun.exe
[autorun]
:\autorun.inf
==gKg5XI+BmK=cVauR2b3NHIIVGbwByUlJndpNWZ
==gKg5XI+BmKXlmbk92dzhUZsB3UlJndpNWZ
Windows Help Service
SetWinHoK
map/set<T> too long
Program Manager
<*ENUM*>
==gKg5XI+BmK=oSVupVawpCP
==gKg5XI+BmKqoVawpCP
==gKg5XI+BmK==gKDVHdQF2c0VmRpxWZzpCP
==gKg5XI+BmK=oyQvBXeQF2c0VmRpxWZzpCP
==gKg5XI+BmK=oCRlxWZ0VmRpxWZzpCP
==gKg5XI+BmK=wTIq82aqEiP
GetAllData
GetIEHistory
==gKg5XI+BmK=oyQslGci9WYyRGTvdmK
==gKg5XI+BmK=oySllHTvdmK
==gKg5XI+BmK==gKEVXbwhUazRnK
==gKg5XI+BmK==gKEVXbwBVYzNnK
==gKg5XI+BmK=oyUjNFavRnK
==gKg5XI+BmKqcUZ0ZUasVmK
" /s /q & exit
cmd /c RMDIR "
==gKg5XI+BmKqQUZsRUaypCP
==gKg5XI+BmKqEEZkRUaypCP
==gKg5XI+BmK==APqA2cppXZgpiP<%d>
==gKg5XI+BmK=oSRuVXbXlmbk92dzpCP
 is closed
 is open
The command completed successfully.
==gKg5XI+BmKqQVZs5WZ0pCP
==gKg5XI+BmK==gKHVGdSV2ZWFGb1VmK
==gKg5XI+BmK=oSRuVXbS92b0tUZ5NnK
==gKg5XI+BmK==gKF5WdttUZ5NnK
==gKg5XI+BmK==gKF5WdtdVauR2b3NnK
==gKg5XI+BmKqIVduNUbkpCf
==gKg5XI+BmKqcUZ0RkcpZXZzpCP
==gKg5XI+BmKqsUasxGUy92YlN3c
==gKg5XI+BmKqwUazRHUy92YlN3c
==gKg5XI+BmK==gKHVGdEJXa2V2cG9GbkVmc
==gKg5XI+BmKq8Ecl5GUGpyW
==gKg5XI+BmK==gKqMEbvNXZGlGblpiK
%d:%s:
error.renamefile
.renamefile
==gKg5XI+BmK=oiRpxWZTVmbkpCP
==gKg5XI+BmK=wTIqIVRSVlTqEiP
==gKg5XI+BmK==APhoySJxETqEiP
& RMDIR "%s" /s /q & DEL /q "%s"  & DEL /f /q "%s" & DEL /f  /q "%s" & DEL /f /q "%s" & DEL /f /q "%s" & DEL /f /q "%s" & sc stop %s & sc delete %s & exit
/c taskkill /f /PID 
==gKg5XI+BmK8EiKEVETqEiP
==gKg5XI+BmK==APhoSRuRGVhN3aqEiP
==gKg5XI+BmK8oCYF9kRgpiP
==gKg5XI+BmK8EiKj9mbuV2Y092aqEiP
==gKg5XI+BmK=wTIqIXZyVnbqEiP
==gKg5XI+BmK8EiKzV2Y1JXZk92aqEiP
<!*secure*!>
</PORT>
<PORT>
==gKg5XI+BmK3ZHalxGc
==gKg5XI+BmK==AXcdXauR3Y
==gKg5XI+BmK==AXcdXauRHc
:DLD-C0
DLD-C0:
:DLD-C
DLD-C:
:DLD-E
DLD-E:
:DLD-P
DLD-P:
:DLD-S
DLD-S:
?win=1
:DLD-D
DLD-D:
:DLD-ACT
DLD-ACT:
:DLD-USI
DLD-USI:
:DLD-NTI
DLD-NTI:
:DLD-IH2
DLD-IH2:
:DLD-IH1
DLD-IH1:
:DLD-IHC
DLD-IHC:
:DLD-PRT
DLD-PRT:
:DLD-IP
DLD-IP:
:DLD-ST
DLD-ST:
:DLD-SN
DLD-SN:
:DLD-RCH
DLD-RCH:
:DLD-RN
DLD-RN:
:DLD-RL
DLD-RL:
:DLD-TN
DLD-TN:
==gKg5XI+BmKcx1dp52clNmLkxGb
\Secure
==gKg5XI+BmK=0UajJ3bz9mZ0BCSlxGc
/c type "
Access Is Ok
==gKg5XI+BmKcx1dhN2YlN3c
WINDIR
127.0.0.1
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
ios_base::eofbit set
ios_base::failbit set
ios_base::badbit set
invalid string position
string too long
0123456789abcdefABCDEF
bad allocation
+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v+ $v $++$ v+$ v$ v++$ v$ +v
:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December
CorExitProcess
mscoree.dll
Unknown exception
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
LC_TIME
LC_NUMERIC
LC_MONETARY
LC_CTYPE
LC_COLLATE
LC_ALL
Microsoft Visual C++ Runtime Library
Program: 
<program name unknown>
A buffer overrun has been detected which has corrupted the program's
internal state.  The program cannot safely continue execution and must
now be terminated.
Buffer overrun detected!
A security error of unknown cause has been detected which has
corrupted the program's internal state.  The program cannot safely
continue execution and must now be terminated.
Unknown security failure detected!
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
kernel32.dll
`h````
ppxxxx
(null)
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
GAIsProcessorFeaturePresent
KERNEL32
runtime error 
TLOSS error
SING error
DOMAIN error
- This application cannot run using the active version of the Microsoft .NET Runtime
Please contact the application's support team for more information.
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Runtime Error!
Program: 
InitializeCriticalSectionAndSpinCount
Paraguay
Uruguay
Ecuador
Argentina
Colombia
Venezuela
Dominican Republic
South Africa
Panama
Luxembourg
Costa Rica
Switzerland
Guatemala
Canada
Spanish - Modern Sort
Australia
English
Austria
German
Belgium
Mexico
Spanish
Basque
Sweden
Swedish
Iceland
Icelandic
France
French
Finland
Finnish
Spanish - Traditional Sort
united-states
united-kingdom
trinidad & tobago
south-korea
south-africa
south korea
south africa
slovak
puerto-rico
pr-china
pr china
new-zealand
hong-kong
holland
great britain
england
britain
america
swedish-finland
spanish-venezuela
spanish-uruguay
spanish-puerto rico
spanish-peru
spanish-paraguay
spanish-panama
spanish-nicaragua
spanish-modern
spanish-mexican
spanish-honduras
spanish-guatemala
spanish-el salvador
spanish-ecuador
spanish-dominican republic
spanish-costa rica
spanish-colombia
spanish-chile
spanish-bolivia
spanish-argentina
portuguese-brazilian
norwegian-nynorsk
norwegian-bokmal
norwegian
italian-swiss
irish-english
german-swiss
german-luxembourg
german-lichtenstein
german-austrian
french-swiss
french-luxembourg
french-canadian
french-belgian
english-usa
english-us
english-uk
english-trinidad y tobago
english-south africa
english-nz
english-jamaica
english-ire
english-caribbean
english-can
english-belize
english-aus
english-american
dutch-belgian
chinese-traditional
chinese-singapore
chinese-simplified
chinese-hongkong
chinese
canadian
belgian
australian
american-english
american english
american
Norwegian-Nynorsk
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
1#QNAN
1#SNAN
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
GetDesktopWindow
SendMessageA
ReleaseDC
CloseClipboard
GetClientRect
GetClipboardData
OpenClipboard
BeginPaint
GetSystemMetrics
GetWindowTextW
GetWindowTextLengthW
GetForegroundWindow
GetKeyNameTextA
ToUnicodeEx
MapVirtualKeyExA
ToAscii
MapVirtualKeyA
GetKeyState
GetKeyboardState
GetKeyboardLayout
GetWindowThreadProcessId
CallNextHookEx
DefWindowProcA
CreateWindowExA
RegisterClassExA
MsgWaitForMultipleObjects
PeekMessageA
GetWindowTextA
IsWindowVisible
EnumWindows
USER32.dll
GetProcessMemoryInfo
PSAPI.DLL
InterlockedExchange
GetACP
GetLocaleInfoA
GetVersionExA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
CloseHandle
OpenProcess
GetCurrentProcessId
FileTimeToSystemTime
ReadFile
SetFilePointer
GetFileSize
GetFileInformationByHandle
MapViewOfFile
CreateFileMappingA
CreateFileA
WriteFile
SystemTimeToFileTime
GetLocalTime
LocalFileTimeToFileTime
CreateDirectoryA
GetFileAttributesA
GetCurrentDirectoryA
SetFileTime
GetModuleFileNameA
GetModuleHandleA
UnmapViewOfFile
GetTickCount
InterlockedDecrement
SetCurrentDirectoryA
FindClose
FindNextFileA
FindFirstFileA
GetVolumeInformationA
GetDriveTypeA
SetFileAttributesA
DeleteFileA
GetLastError
CreateProcessA
CreatePipe
WinExec
MoveFileA
GetCompressedFileSizeA
CopyFileA
GetComputerNameA
ExpandEnvironmentStringsA
GlobalUnlock
GlobalLock
CreateThread
CreateEventA
Process32Next
Process32First
CreateToolhelp32Snapshot
lstrcmpA
CopyFileExA
MultiByteToWideChar
WideCharToMultiByte
LocalFree
KERNEL32.dll
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GDI32.dll
SetServiceStatus
RegisterServiceCtrlHandlerA
CloseServiceHandle
CreateServiceA
OpenSCManagerA
RegEnumValueA
RegEnumKeyExA
RegQueryInfoKeyA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
DeleteService
OpenServiceA
StartServiceCtrlDispatcherA
ADVAPI32.dll
ShellExecuteA
SHELL32.dll
CoUninitialize
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
ole32.dll
OLEAUT32.dll
capCreateCaptureWindowA
AVICAP32.dll
DeleteUrlCacheEntry
InternetCloseHandle
WININET.dll
WS2_32.dll
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipSaveImageToFile
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipGetImageGraphicsContext
GdipDrawImageRectI
GdipCloneImage
GdiplusStartup
gdiplus.dll
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
ExitProcess
HeapFree
HeapAlloc
TerminateProcess
GetCurrentProcess
ExitThread
ResumeThread
RtlUnwind
GetCPInfo
GetTimeFormatA
GetDateFormatA
GetStartupInfoA
GetCommandLineA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
HeapReAlloc
CompareStringA
CompareStringW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
VirtualQuery
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetOEMCP
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlushFileBuffers
SetHandleCount
GetStdHandle
GetFileType
GetTimeZoneInformation
VirtualProtect
GetSystemInfo
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
IsBadReadPtr
IsBadCodePtr
GetLocaleInfoW
SetStdHandle
SetEnvironmentVariableA
SetEndOfFile
FileTimeToLocalFileTime
RemoveDirectoryA
GetFullPathNameA
http://www.microsoft.com/en-us/default.aspx
!This program cannot be run in DOS mode.
*hRich]
`.rdata
@.data
T$PRVP
VWVVVVVVh
QQSVWd
t.;t$$t(
sVS;7|B;w
t!SS9]
VC20XC00U
u,h[~@
btFHt+
HHt`HHt\
t$<"u	3
QQSVW3
t#SSUP
t$$VSS
_^][YY
WWWWVSW
t2WWVPVSW
VWumhx
v	N+D$
HHtXHHtF
vBWSSSj
>:u>FV
VVVVVUWUUj
VVVVVj
PPPPPPPP
c:\windows\wvhelp.exe
c:\windows\
\Microsoft
Application Data
appdata
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
invalid string position
string too long
bad allocation
Unknown exception
Microsoft Visual C++ Runtime Library
Program: 
<program name unknown>
A buffer overrun has been detected which has corrupted the program's
internal state.  The program cannot safely continue execution and must
now be terminated.
Buffer overrun detected!
A security error of unknown cause has been detected which has
corrupted the program's internal state.  The program cannot safely
continue execution and must now be terminated.
Unknown security failure detected!
CorExitProcess
mscoree.dll
`h````
ppxxxx
(null)
runtime error 
TLOSS error
SING error
DOMAIN error
- This application cannot run using the active version of the Microsoft .NET Runtime
Please contact the application's support team for more information.
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Runtime Error!
Program: 
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
CopyFileA
GetCurrentProcess
GetModuleFileNameA
KERNEL32.dll
DefWindowProcA
CreateWindowExA
RegisterClassExA
USER32.dll
ShellExecuteA
SHELL32.dll
GetModuleBaseNameA
PSAPI.DLL
RtlUnwind
RaiseException
ExitProcess
HeapFree
HeapAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
SetUnhandledExceptionFilter
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
GetLastError
LCMapStringW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
WriteFile
CloseHandle
ReadFile
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
GetProcAddress
TerminateProcess
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
GetLocaleInfoA
GetCPInfo
VirtualProtect
GetSystemInfo
VirtualQuery
LoadLibraryA
InterlockedExchange
FlushFileBuffers
SetStdHandle
CreateFileA
CompareStringA
CompareStringW
GetACP
GetOEMCP
SetEnvironmentVariableA
SetEndOfFile
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
CreateDirectoryA
GetFullPathNameA
GetCurrentDirectoryA
GetTimeZoneInformation
.?AVexception@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVbad_alloc@std@@
.?AVtype_info@@
.?AVexception@@
.?AVbad_cast@@
.?AVlogic_error@std@@
.?AVout_of_range@std@@
.?AVlength_error@std@@
.?AV_com_error@@
.?AVfacet@locale@std@@
.?AV_Locimp@locale@std@@
.?AV?$_Iosb@H@std@@
.?AVios_base@std@@
.?AVruntime_error@std@@
.?AVfailure@ios_base@std@@
.?AVcodecvt_base@std@@
.?AUctype_base@std@@
.?AV?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
.?AV?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
.?AV?$ctype@D@std@@
.?AV?$codecvt@DDH@std@@
.?AV?$numpunct@D@std@@
Copyright (c) 1992-2001 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
.?AVbad_alloc@std@@
.?AUmessages_base@std@@
.?AUmoney_base@std@@
.?AUtime_base@std@@
.?AV?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@
.?AV?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@
.?AV?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@
.?AV?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@
.?AV?$codecvt@_WDH@std@@
.?AV?$codecvt@GDH@std@@
.?AV?$ctype@_W@std@@
.?AV?$ctype@G@std@@
.?AV?$collate@_W@std@@
.?AV?$messages@_W@std@@
.?AV?$money_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@
.?AV?$money_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@
.?AV?$_Mpunct@_W@std@@
.?AV?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@
.?AV?$collate@G@std@@
.?AV?$messages@G@std@@
.?AV?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@
.?AV?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@
.?AV?$_Mpunct@G@std@@
.?AV?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@
.?AV?$numpunct@_W@std@@
.?AV?$numpunct@G@std@@
.?AV?$moneypunct@_W$0A@@std@@
.?AV?$moneypunct@_W$00@std@@
.?AV?$moneypunct@G$0A@@std@@
.?AV?$moneypunct@G$00@std@@
.?AV?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@
.?AV?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@
.?AV?$collate@D@std@@
.?AV?$messages@D@std@@
.?AV?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
.?AV?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
.?AV?$_Mpunct@D@std@@
.?AV?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
.?AV?$moneypunct@D$0A@@std@@
.?AV?$moneypunct@D$00@std@@
.?AV?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
.?AVtype_info@@
xxwxxx
wwwwxxp
xwwwqwwx
wwwwpvwx
xxwwww
xwwwwwwx
LDDFDx
xxwwwxx
DLDlle
wTLDDD
LDDLltLtle
wDDDDDDDLdD
wEDDDDDDDFLdLG
|\l|||
xwwDDDDDDDDLd
Ll||||l||
xDDDDDDDDDDdDD
||||l|||g
DDFDdDDDDlDLFLlD
xDDDDDFDDdDDDLDD
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwv|~
lflflflf
~v~|~wg
hhgnv~
wxwxxw
DDLDDD
tDFLLLL
xxxxxxxp
xxwwww
xxxwwxw
wDDDDDLDFLD
tDDDDDD
xtDDDDDLFD
DlLlLLL|g
DlFLll
DDDTlDD
FTdDEF
dDdlll|
DDTeFDDDDD
LTt\l||g
xwwwwwwwwwwwwwwwwwwww
xxwwwwwwwwwwwwwwvwF|
lflfffflg
|flflflf
ffvgfvgfvgl|gfv
DDLlLd
xxwwwwx
wwwxxxx
ulLDDLlF
wuDDDDD
wwDDDDDLD
Dll\||||
DDDDDDFDD
uDeFDdlD
wwwwwwwwvwwwwwwwwwwwvw
f|vv|g
xwwwwwwwggggh
wxwxwp
wxwwwww
LLlLLllll
@DFDDDDDD
wwwwwwwwwwwwwwwwwwwwt
fffffffflff
lf~llf
|llllllln
wwwwxx
wwwwww
DLL||v
tDDDDDDDlFG
tDDDDD
DLLegx
xwxwwww
DDDDDF
!"!"""
22272727278,b
"$"2$""926667798:7:.Z
$"666999999:9::9::<8U
6;6;99;9;;<;<<<<<V<:9
6H;;UUUUUU<VVVVVVVY?7
MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM5UUYVYYYYYYY]Y]Y:
M5ZYY[Y[Y[[______?
moooooooooooooooooooomlloppmppmppmppppppppppppppppmppppmnml
M5Z[[\[`_`_`_```_?
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
5[\\``d`d`ddddddX
G\cddddddududueu]
Gcuuuuuuwuwuwwwwac
Icwuwuwwwwxxxxxxed
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
{lllmnlllplllplllnlllnllllnlllplllnlllnlllnlllnnlllnllllllll
%%&&&())))1x
'''((++////0>
'''+(++++000^
''''++//+001a
''''++++////1a
zxvuts
'''+'++//0**0=auss
''''(('',29HQ
()-....
()--.??GC?
&&)--..?@@@GCC
&''-+..??@@@GGGCm
&&''-+-..??@@CGKKGI\
&'')---.0DDDBBJJGKKIR
&&&'''//020DDBJJJKKKKMF
&&&'''//22DDDBMFJJMMQKOF
&&&'''+227DLLLLMMOMMQMQQO
    $  
%&&'&'++77L7LLNONOOOQQQQQR
#   $$$*
%%&&''++-777NNNONOSOSSTTTTY
#####$$$
&&&')99999RRRSSST_T___Y
"5588=89XYY_[_````_{
>X[[````a`aaw
>Z^`yayaaaayx
W]yyyyy
cbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbc
bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbc
bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbc
bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbc
bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbc
&&'++.??AGHHPP
&''+-.?@@GHHPP
&&'+,,?@@GHPPP
%&''+,??@AGHHPP
%&'',,.?@AHHPPQ
&&'++.??@JOX]{
*49>Wlt
#)))+++
(***.../.11,U
#0500066AAAA>G
*66DAGEEGEEHEE
0UGGIIHHKNNNOF
((DUU`MMbbbbbbbF
xxwwZZYYYXXXXXXXXYXXXYXXXXXXXYXXYYXXYXXXXXTbeeeeehhhO
Xgiiiooootd
vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
Xlttttttt{nz
Xtyy{{{}|}u{
vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
xxxwwwYYYYXYXYXYX
$$$<<<===O
 778899::p
!""788;??@~
!""87;99::m
7,>Gafr
R%3Q\_
q1#%%()>>>
###%(()??CC>}
## %((>>??EDFF
##$%(*)AABBEEGDEa
###$%*++AABBJEOGTGN
####./4444IJOOTTTL
!,,,1134NPRVVRQ
-:NXYddd^
-:Weefgf`
jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj
w8;_hhiihc
jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj
jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj
jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj
kjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjl
#$$')>?CDSSS
#$$')>?CDSSU
#$$')>?CDSS
#$'')>?CDSS
#$$')>CCDSS
##$'')?BGP`c
%%'''"U
$&&*****--)D
$,,,,555AAAAF
,677BBFFFGJGC
7DKKKLLNPPQQH
'KaadddeeefhhO
)aggggkklloooi
{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{
{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{
{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{
{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{
{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{
8899<<==@
889<<<=>R
889<<==>m
8889<<==>z
899<<==?
888:<<;;>p
",E\s~
j\*$)///l
#$//@FDFf
#$+1@AELLL`
#$+/@@AGMOQO]
!$&+055HGSMQQQR
!!&$177RRSSUXXUT
xttttutttttttttttutttttttttttx
vttttttttttttttttttttttttttttt
uttttttttttttttttttttttttttttt
xttttttttttttttttttttttttttttv
##/@ADNVWa
#$+1ELNVWs
&&1?EKQXY
9:>bep
'++,001>^
/22FHHICY
HXKZZ[\L]
ggggggggggggggggggggg
ggggggggggggggggggggg
ggggggggggggggggggggg
ggggggggggggggggggggg
$4;<?@
!$4<<?B
#457?8M
`ll`LJ
m^WYcl~sA0#~e
!"--,zed
 4<<:91und
BBBBBBBBBBBBBBB
BBBBBBBBBBBBBBB
BBBBBBBBBBBBBBB
,MGeY>
L)u%	B
`a4dss
.^Xbyy
.%Ir1W
60-`Z^tm
I%h e	
x<FD8<<
NMk-S_
h0SR9 
TiReX^HXZ
!Zb,L|
%2v:6D
SZ@aTx
.jVVW(
Y|ouv`W&
!|D&D%
[v,N01
a\x[Y{-
1Be`S%
1lmmUEA"<
j$`QLY[
PJqxxH
988dsSy
S8mJ@I
g>#eQ<
gDbM'y
X^^fmm
NIR7@D
Y\Zfyy
YZYfiq
$*!U	I"
`MUwO%)
v'cq]B
y?O8G^Z
e0o5t8
C[9`@4]
P[0l 7
'''1;;
8NHhQJ
tjDNL*
9u-D>O
GIDATll
`g2a.A
@[09:!
188XZ^^
a``` N
@w.A]_ko
[VWW155
,--azz
e9R{x]
:\uAOBJ
HqEXZZ2|
qqqckkk(
wwwLyyy
&677Q^__~DDDf
iii5\\\
;;;_uuu
"""#WWYS~~~
iil7ttw`
KKM+OORS
pprAxx{w
'''Booo
LLNJssw
555%MMPIvvyu
MMO?]]`n
1eeelttx
uwwwXttt*ttt
E899a99:ZnnnZ
#FFFtyyy
@@B0ooq
JJL5jjlf
??A0[[^L}}
pps7tuxf
M++,K0001
222-[[Z
JJLP||
?>@8__ajxy|
??A1rtwaty}
DLD-VR:v2:DLD-VR:DLD-TN:69@120@112@108@111@115@105@118@101@45@56@48@:DLD-TN
DLD-RCH:false:DLD-RCH
DLD-RL:0:DLD-RLCDLD-RN:87@105@110@100@111@119@115@32@72@101@108@112@101@114@:DLD-RN%DLD-SN:72@101@108@112@101@114@:DLD-SN%DLD-ST:72@101@108@112@101@114@:DLD-ST
DLD-IHC:true:DLD-IHC
DLD-IH1:13:DLD-IH1
DLD-IH2:16:DLD-IH2
DLD-NTI:500:DLD-NTI/DLD-IP:54@57@46@54@52@46@57@48@46@57@52@:DLD-IP
DLD-PRT:56@48@:DLD-PRT
DLD-USA:0:DLD-USA
DLD-USI:true:DLD-USI
DLD-ACT:true:DLD-ACT
DLD-D:104@116@116@112@58@47@47@115@97@118@101@119@101@98@46@119@105@110@107@46@119@115@47@118@50@47@56@48@47@105@110@100@101@120@46@112@104@112@:DLD-D
DLD-S:redotntexplore:DLD-SEDLD-P:47@118@50@47@56@48@47@105@110@100@101@120@46@112@104@112@:DLD-P
DLD-E:.info:DLD-EYDLD-C:119@105@110@100@111@119@115@45@104@101@108@112@45@115@101@114@118@105@99@101@:DLD-C[DLD-C0:119@105@110@100@111@119@115@45@104@101@108@112@45@115@101@114@118@105@99@101@:DLD-C0.