| Analysis Date | 2015-11-30 14:50:27 |
|---|---|
| MD5 | ad1146f8ba89baf442b1901b729e73a3 |
| SHA1 | 11b211e478959857cb7629f5bf1c6beb034f703b |
Static Details:
| File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | |
|---|---|---|
| Section | .text md5: 60aabd821c768bffdd374cb4b3fc995c sha1: a97ee052d9f0a89e72d4da626c8f1803b3ae39b8 size: 284672 | |
| Section | .rdata md5: a505c021efbc0e93f9abee2bcb676cc7 sha1: b38c1ed0f3d12ff50ebf3c5f6b1beefec8b837e7 size: 39424 | |
| Section | .data md5: cd74c3b0b9b9965bfcf95e78f21592ae sha1: 1d91d30b3db60bb5d8d3b40c9928a45225704b23 size: 7168 | |
| Timestamp | 2015-11-23 03:16:18 | |
| Packer | Microsoft Visual C++ ?.? | |
| PEhash | d214f8af3e5eccfd42ae77680a340e1023d8a10c | |
| IMPhash | 1a781b7847edf8cc6708f4075f749ec4 | |
| AV | Ad-Aware Command-Line | Trojan.GenericKD.2894382 |
| AV | ArcaVir Antivirus | Trojan.GenericKD.2894382 |
| AV | Avast! Antivirus | Malware-gen:Win32:Malware-gen |
| AV | AVG AntiVirus | Dropper.Generic_r.EC |
| AV | Avira Antivirus | TR/Crypt.ZPACK.217554 |
| AV | Bitdefender Command-Line | Trojan.GenericKD.2894382 |
| AV | BullGuard Antivirus | Trojan.GenericKD.2894382 |
| AV | ClamWin Antivirus | No Virus |
| AV | Command Anti-Malware | W32/Kazy.EW.gen!Eldorado:Security risk |
| AV | Dr. Web Anti-virus | No Virus |
| AV | Emsisoft Command-Line Scanner | Trojan.GenericKD.2894382 |
| AV | eScan Anti-Virus | No Virus |
| AV | ESET NOD32 Antivirus | Win32/Bayrob.AD |
| AV | Fortinet Command-Line Scanner | W32/Bayrob.AD!tr |
| AV | F-PROT Antivirus | No Virus |
| AV | F-Secure Anti-Virus | Trojan.GenericKD.2894382 |
| AV | Ikarus Command-Line Scanner | No Virus |
| AV | K7 Anti-Virus | Trojan ( 004d79c41 ) |
| AV | Kaspersky Anti-Virus | Trojan.Win32.Tinba.yuh |
| AV | MalwareBytes Anti-Malware | No Virus |
| AV | McAfee Command-Line Scanner | BackDoor-FCYZ!AD1146F8BA89 |
| AV | Microsoft Security Essentials | TrojanSpy:Win32/Nivdort.CE:Trojan |
| AV | Padvish Antivirus | No Virus |
| AV | Quick Heal AntiVirus | No Virus |
| AV | Rising Command-Line Scanner | No Virus |
| AV | Symantec Command-Line Scanner | No Virus |
| AV | Total Defense Internet Security Suite | No Virus |
| AV | Trend Micro System Cleaner | No Virus |
| AV | Twister Antivirus | No Virus |
| AV | VirusBlokAda Console Scanner | No Virus |
| AV | Zillya! Antivirus | No Virus |
Runtime Details:
| Screenshot |  |
|---|
Process
↳ C:\malware.exe
| Creates File | C:\zktgkjakld\ig1ghszknple0yoq8.exe |
|---|---|
| Creates File | C:\zktgkjakld\fpzipn |
| Creates File | C:\WINDOWS\zktgkjakld\fpzipn |
| Deletes File | C:\WINDOWS\zktgkjakld\fpzipn |
| Creates Process | C:\zktgkjakld\ig1ghszknple0yoq8.exe |
Process
↳ C:\zktgkjakld\ig1ghszknple0yoq8.exe
| Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Audio UserMode Player KtmRm Program ➝ C:\zktgkjakld\regtcrxs.exe |
|---|---|
| Creates File | C:\zktgkjakld\regtcrxs.exe |
| Creates File | C:\zktgkjakld\fpzipn |
| Creates File | PIPE\lsarpc |
| Creates File | C:\zktgkjakld\ipkwmlcbze |
| Creates File | C:\WINDOWS\zktgkjakld\fpzipn |
| Deletes File | C:\WINDOWS\zktgkjakld\fpzipn |
| Creates Process | C:\zktgkjakld\regtcrxs.exe |
| Creates Service | Biometric Layer TP Video PNRP Notification - C:\zktgkjakld\regtcrxs.exe |
Process
↳ C:\WINDOWS\system32\svchost.exe
Process
↳ Pid 816
Process
↳ Pid 864
Process
↳ C:\WINDOWS\System32\svchost.exe
| Creates File | C:\WINDOWS\Prefetch\RUNDLL32.EXE-1BC69D2D.pf |
|---|---|
| Creates File | C:\WINDOWS\Prefetch\IG1GHSZKNPLE0YOQ8.EXE-0BC1D43C.pf |
| Creates File | C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf |
| Creates File | C:\WINDOWS\Prefetch\NET1.EXE-029B9DB4.pf |
| Creates File | C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf |
| Creates File | C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf |
| Creates File | C:\WINDOWS\Prefetch\READER_SL.EXE-3614FA6E.pf |
| Creates File | C:\WINDOWS\Prefetch\monitor.exe-1949D260.pf |
| Creates File | C:\WINDOWS\Prefetch\SCCWHPDIR.EXE-156EA7E4.pf |
| Creates File | C:\WINDOWS\system32\WBEM\Logs\wbemess.log |
| Creates File | C:\WINDOWS\Prefetch\REGTCRXS.EXE-1CFABDCF.pf |
| Creates File | C:\WINDOWS\Prefetch\svchost.EXE-0C867EC1.pf |
Process
↳ Pid 1220
Process
↳ Pid 1308
Process
↳ Pid 1864
Process
↳ Pid 1968
Process
↳ C:\zktgkjakld\regtcrxs.exe
| Creates File | pipe\net\NtControlPipe10 |
|---|---|
| Creates File | C:\zktgkjakld\sccwhpdir.exe |
| Creates File | C:\zktgkjakld\fpzipn |
| Creates File | C:\zktgkjakld\ipkwmlcbze |
| Creates File | \Device\Afd\Endpoint |
| Creates File | C:\zktgkjakld\qunv4ux |
| Creates File | C:\WINDOWS\zktgkjakld\fpzipn |
| Deletes File | C:\WINDOWS\zktgkjakld\fpzipn |
| Creates Process | dcycexlqh1ei "c:\zktgkjakld\regtcrxs.exe" |
Process
↳ C:\zktgkjakld\regtcrxs.exe
| Creates File | C:\zktgkjakld\fpzipn |
|---|---|
| Creates File | C:\WINDOWS\zktgkjakld\fpzipn |
| Deletes File | C:\WINDOWS\zktgkjakld\fpzipn |
Process
↳ dcycexlqh1ei "c:\zktgkjakld\regtcrxs.exe"
| Creates File | C:\zktgkjakld\fpzipn |
|---|---|
| Creates File | C:\WINDOWS\zktgkjakld\fpzipn |
| Deletes File | C:\WINDOWS\zktgkjakld\fpzipn |
Network Details:
Raw Pcap
0x00000000 (00000) 47455420 2f696e64 65782e70 68702048 GET /index.php H 0x00000010 (00016) 5454502f 312e300d 0a416363 6570743a TTP/1.0..Accept: 0x00000020 (00032) 202a2f2a 0d0a436f 6e6e6563 74696f6e */*..Connection 0x00000030 (00048) 3a20636c 6f73650d 0a486f73 743a2063 : close..Host: c 0x00000040 (00064) 68696566 6170706c 652e6e65 740d0a0d hiefapple.net... 0x00000050 (00080) 0a . 0x00000000 (00000) 47455420 2f696e64 65782e70 68702048 GET /index.php H 0x00000010 (00016) 5454502f 312e300d 0a416363 6570743a TTP/1.0..Accept: 0x00000020 (00032) 202a2f2a 0d0a436f 6e6e6563 74696f6e */*..Connection 0x00000030 (00048) 3a20636c 6f73650d 0a486f73 743a2063 : close..Host: c 0x00000040 (00064) 68696566 6275696c 742e6e65 740d0a0d hiefbuilt.net... 0x00000050 (00080) 0a . 0x00000000 (00000) 47455420 2f696e64 65782e70 68702048 GET /index.php H 0x00000010 (00016) 5454502f 312e300d 0a416363 6570743a TTP/1.0..Accept: 0x00000020 (00032) 202a2f2a 0d0a436f 6e6e6563 74696f6e */*..Connection 0x00000030 (00048) 3a20636c 6f73650d 0a486f73 743a2074 : close..Host: t 0x00000040 (00064) 77656c76 65627569 6c742e6e 65740d0a welvebuilt.net.. 0x00000050 (00080) 0d0a .. 0x00000000 (00000) 47455420 2f696e64 65782e70 68702048 GET /index.php H 0x00000010 (00016) 5454502f 312e300d 0a416363 6570743a TTP/1.0..Accept: 0x00000020 (00032) 202a2f2a 0d0a436f 6e6e6563 74696f6e */*..Connection 0x00000030 (00048) 3a20636c 6f73650d 0a486f73 743a2074 : close..Host: t 0x00000040 (00064) 77656c76 65636172 72792e6e 65740d0a welvecarry.net.. 0x00000050 (00080) 0d0a .. 0x00000000 (00000) 47455420 2f696e64 65782e70 68702048 GET /index.php H 0x00000010 (00016) 5454502f 312e300d 0a416363 6570743a TTP/1.0..Accept: 0x00000020 (00032) 202a2f2a 0d0a436f 6e6e6563 74696f6e */*..Connection 0x00000030 (00048) 3a20636c 6f73650d 0a486f73 743a206d : close..Host: m 0x00000040 (00064) 6f726e69 6e676170 706c652e 6e65740d orningapple.net. 0x00000050 (00080) 0a0d0a ... 0x00000000 (00000) 47455420 2f696e64 65782e70 68702048 GET /index.php H 0x00000010 (00016) 5454502f 312e300d 0a416363 6570743a TTP/1.0..Accept: 0x00000020 (00032) 202a2f2a 0d0a436f 6e6e6563 74696f6e */*..Connection 0x00000030 (00048) 3a20636c 6f73650d 0a486f73 743a2073 : close..Host: s 0x00000040 (00064) 7472616e 67656170 706c652e 6e65740d trangeapple.net. 0x00000050 (00080) 0a0d0a ... 0x00000000 (00000) 47455420 2f696e64 65782e70 68702048 GET /index.php H 0x00000010 (00016) 5454502f 312e300d 0a416363 6570743a TTP/1.0..Accept: 0x00000020 (00032) 202a2f2a 0d0a436f 6e6e6563 74696f6e */*..Connection 0x00000030 (00048) 3a20636c 6f73650d 0a486f73 743a2077 : close..Host: w 0x00000040 (00064) 65617468 65726661 74686572 2e6e6574 eatherfather.net 0x00000050 (00080) 0d0a0d0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68702048 GET /index.php H 0x00000010 (00016) 5454502f 312e300d 0a416363 6570743a TTP/1.0..Accept: 0x00000020 (00032) 202a2f2a 0d0a436f 6e6e6563 74696f6e */*..Connection 0x00000030 (00048) 3a20636c 6f73650d 0a486f73 743a2077 : close..Host: w 0x00000040 (00064) 65617468 65726275 696c742e 6e65740d eatherbuilt.net. 0x00000050 (00080) 0a0d0a0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68702048 GET /index.php H 0x00000010 (00016) 5454502f 312e300d 0a416363 6570743a TTP/1.0..Accept: 0x00000020 (00032) 202a2f2a 0d0a436f 6e6e6563 74696f6e */*..Connection 0x00000030 (00048) 3a20636c 6f73650d 0a486f73 743a2074 : close..Host: t 0x00000040 (00064) 6869636b 6170706c 652e6e65 740d0a0d hickapple.net... 0x00000050 (00080) 0a0d0a0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68702048 GET /index.php H 0x00000010 (00016) 5454502f 312e300d 0a416363 6570743a TTP/1.0..Accept: 0x00000020 (00032) 202a2f2a 0d0a436f 6e6e6563 74696f6e */*..Connection 0x00000030 (00048) 3a20636c 6f73650d 0a486f73 743a2070 : close..Host: p 0x00000040 (00064) 72657365 6e746d65 61737572 652e6e65 resentmeasure.ne 0x00000050 (00080) 740d0a0d 0a t.... 0x00000000 (00000) 47455420 2f696e64 65782e70 68702048 GET /index.php H 0x00000010 (00016) 5454502f 312e300d 0a416363 6570743a TTP/1.0..Accept: 0x00000020 (00032) 202a2f2a 0d0a436f 6e6e6563 74696f6e */*..Connection 0x00000030 (00048) 3a20636c 6f73650d 0a486f73 743a2063 : close..Host: c 0x00000040 (00064) 6f6c6c65 67656d65 61737572 652e6e65 ollegemeasure.ne 0x00000050 (00080) 740d0a0d 0a t.... 0x00000000 (00000) 47455420 2f696e64 65782e70 68702048 GET /index.php H 0x00000010 (00016) 5454502f 312e300d 0a416363 6570743a TTP/1.0..Accept: 0x00000020 (00032) 202a2f2a 0d0a436f 6e6e6563 74696f6e */*..Connection 0x00000030 (00048) 3a20636c 6f73650d 0a486f73 743a2063 : close..Host: c 0x00000040 (00064) 6f6c6c65 67656166 72616964 2e6e6574 ollegeafraid.net 0x00000050 (00080) 0d0a0d0a 0a ..... 0x00000000 (00000) 47455420 2f696e64 65782e70 68702048 GET /index.php H 0x00000010 (00016) 5454502f 312e300d 0a416363 6570743a TTP/1.0..Accept: 0x00000020 (00032) 202a2f2a 0d0a436f 6e6e6563 74696f6e */*..Connection 0x00000030 (00048) 3a20636c 6f73650d 0a486f73 743a2063 : close..Host: c 0x00000040 (00064) 6f6c6c65 67656369 72636c65 2e6e6574 ollegecircle.net 0x00000050 (00080) 0d0a0d0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68702048 GET /index.php H 0x00000010 (00016) 5454502f 312e300d 0a416363 6570743a TTP/1.0..Accept: 0x00000020 (00032) 202a2f2a 0d0a436f 6e6e6563 74696f6e */*..Connection 0x00000030 (00048) 3a20636c 6f73650d 0a486f73 743a2074 : close..Host: t 0x00000040 (00064) 68696e6b 616c7761 79732e6e 65740d0a hinkalways.net.. 0x00000050 (00080) 0d0a0d0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68702048 GET /index.php H 0x00000010 (00016) 5454502f 312e300d 0a416363 6570743a TTP/1.0..Accept: 0x00000020 (00032) 202a2f2a 0d0a436f 6e6e6563 74696f6e */*..Connection 0x00000030 (00048) 3a20636c 6f73650d 0a486f73 743a2070 : close..Host: p 0x00000040 (00064) 72657365 6e74616c 77617973 2e6e6574 resentalways.net 0x00000050 (00080) 0d0a0d0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68702048 GET /index.php H 0x00000010 (00016) 5454502f 312e300d 0a416363 6570743a TTP/1.0..Accept: 0x00000020 (00032) 202a2f2a 0d0a436f 6e6e6563 74696f6e */*..Connection 0x00000030 (00048) 3a20636c 6f73650d 0a486f73 743a2074 : close..Host: t 0x00000040 (00064) 68696e6b 666f7265 73742e6e 65740d0a hinkforest.net.. 0x00000050 (00080) 0d0a0d0a .... 0x00000000 (00000) 47455420 2f696e64 65782e70 68702048 GET /index.php H 0x00000010 (00016) 5454502f 312e300d 0a416363 6570743a TTP/1.0..Accept: 0x00000020 (00032) 202a2f2a 0d0a436f 6e6e6563 74696f6e */*..Connection 0x00000030 (00048) 3a20636c 6f73650d 0a486f73 743a206d : close..Host: m 0x00000040 (00064) 6f726e69 6e677768 6561742e 6e65740d orningwheat.net. 0x00000050 (00080) 0a0d0a0a ....
Strings
\
.
"
\
.
-E-
-0
-0010+-0
-0
.
00-+
.00-+ *00-+
.
-e-
.
.
-e-
.
CC
\
0
0
-
,
>
..
-
0
0
-
-
--
..
.
u
- abort() has been called
ADVAPI32.DLL
April
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
August
CONOUT$
- CRT not initialized
dddd, MMMM dd, yyyy
December
DMicrosoft Visual C++ Runtime Library
DOMAIN error
EKERNEL32.DLL
February
- floating point support not loaded
Friday
H
((((( H
h(((( H
HH:mm:ss
January
jjjjj
July
June
March
MM/dd/yy
Monday
mscoree.dll
- not enough space for arguments
- not enough space for environment
- not enough space for locale information
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
(null)
October
Program:
<program name unknown>
- pure virtual function call
R6002
R6008
R6009
R6010
R6016
R6017
R6018
R6019
R6024
R6025
R6026
R6027
R6028
R6030
R6031
R6032
R6033
runtime error
Runtime Error!
Saturday
September
SING error
Sunday
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
Thursday
TLOSS error
Tuesday
- unable to initialize heap
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
Wednesday
WUSER32.DLL
!"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
<0|L<9
0t1HHt
0Wh$>E
1#QNAN
1#SNAN
*2Kvq#
\3kkH`v
;7|G;p
8vayle judqest vslib vtcoynl apizdi hfdoezzye pganoa rkbu nrbufu ecfsiflwef atfn xfjoujs osocj dnogesdu caajigu pepsagjil ldbe bqcezmpoj zzgonpm dnyibg chujovxpot bfbupgs npgu flemovzavu igbuesi xgfugyno lpfoemzj eeiue smyakmvis gsyebnvejm pfio fhfukpfa djefoj puecdeadlz elpifikwq zmrugpp paapsiu sgsu bgno jzxol zmb vojbofr obxjeiidt gbgioogimu nsfepsoqew vjuz naafmixmdi cya kjn hmnujl riopbes ljoveod nflec zvpabcqeb gdoeosu dbyaj uoahdwelbi mgpaafegc rbso cbdenvbam eqkn zbame mujyiuxufb usqpa moxjism bmsipmeeci hmnicjco ptcajvjix burfepo fzonen cmcob tvsuif ubdtav tueahkad pddorlqa ziyiaqagq jjmeuippy mufdoalev meseuidago lcnazpizo itcfius noixilojo amgb lfyebm drobi a
A~]4/=
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
`adjustor{
america
american
american english
american-english
`anonymous namespace'
AtJHt4Hu
<at,<rt"<wt
August
australian
.?AVbad_alloc@std@@
.?AVbad_alloc@stdext@@
.?AVbad_cast@std@@
.?AVbad_exception@std@@
.?AVbad_typeid@std@@
.?AVexception@std@@
.?AVexception@stdext@@
.?AVinvalid_argument@std@@
.?AVlength_error@std@@
.?AVlogic_error@std@@
.?AV__non_rtti_object@std@@
.?AVout_of_range@std@@
.?AVoverflow_error@std@@
.?AVruntime_error@std@@
.?AVtype_info@@
bad allocation
bad exception
baqfabpmu jnqicldon ljxule jrezuz umybaqbm tccuqcd kvfocfsidb btpidr vgfopfh lltodg ukbkemddo bmsitmbene fcvu czjo wpu lwcuugibes vdbiyzxom bnleilvdu ieoybh rjverbc lskayr zou geushuw wyhicajsu snpeffma enfgognbo itgfubs efst euycqik ptzoi bruodi jtcar sbkirseb bdc daoe lgcescoiyi qbrojecm uhcjantole hgdelbur gifdayxce betreijeea pipzicos aacjxes dcbogtz suupmoug fdjutej idqcesbduc lffanndam jdronppe gjduu bmgopppu fvcas jlf rmjuiclfib fxca bejzal gmdizine ajufrapli lid pgfu hlaufop mdojonocp pml ipg lufdi jutqi leuels ecgde cslobmek qbvensu jlipox bijferd czsei gffadekin zfgusizwii fzligpbidv wogxocz emalq fbbec jorjovn snnap cmjauyna wfwoelloce mqeo znzatpul kjbemfdo silb ldz xjvooff nsviraocp cqfejjmoif jucgo xscambu mafcic
Base Class Array'
Base Class Descriptor at (
__based(
belgian
britain
canadian
Cb.#|Y
__cdecl
chinese
chinese-hongkong
chinese-simplified
chinese-singapore
chinese-traditional
CHPjPV
class
Class Hierarchy Descriptor'
cli::array<
cli::pin_ptr<
CloseHandle
CLPjQV
__clrcall
coclass
cointerface
CompareStringW
Complete Object Locator'
const
`copy constructor closure'
CorExitProcess
C PjPV
C$PjQV
C.PjRV
C/PjSV
C*PjTV
C+PjUV
C,PjVV
C-PjWV
CreateFileA
CreateFileW
cy6l{i
@.data
dddd, MMMM dd, yyyy
December
DecodePointer
`default constructor closure'
delete
delete[]
DeleteCriticalSection
double
Dtl>Fw
dutch-belgian
`dynamic atexit destructor for '
`dynamic initializer for '
__eabi
`eh vector constructor iterator'
`eh vector copy constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`eh vector vbase copy constructor iterator'
<ellipsis>
,<ellipsis>
EncodePointer
england
english-american
english-aus
english-belize
english-can
english-caribbean
english-ire
english-jamaica
english-nz
english-south africa
english-trinidad y tobago
english-uk
english-us
english-usa
EnterCriticalSection
EnumSystemLocalesA
eumlceefmo yrsuagamce rfwoofg hoajfiszdu ldr dnto fcugegzjad ivkiuyobd fuph nlkurc cijnecgzab cztupszi nkatiggg dgbepydel bcugugvjop mlfae sjup zjmullb lfcescsu jbpigq jnl bplob caz pmifibjja dwv gednapion jdnoazdl qksugm irrewo ruo lbbuhetj foiu mcfieesxg urvtao ljno osaeabpun unymiturfa dscu agysoifc umkrawmhan cnwebnza lmma cmdoxfxuim bcdepweco mqgimsmi rpfin uaui sibf hda dbbaboz lpopadjdip ibwfaj vdnaagqto lfvogd ddpeozouj fwi udbf hziamanij crna bsnef fnyov iec gflajdsui qdluiihxx ndoe bpupupgji fqtoj afsxap gkqelbw jmg fcilaij qlf lchepdnidi rctiqjb kocqosgaco loumz bmrevu bfqax dpjun nbcusbt tzvuil arbubei mpcaf hbawefge fuse pqm owwpucbda cdieiab tegheezdgu cppegs qlzoj difvem lopsunfe wtlod bzjevqob nocci nsraneyric bbt mliqappq mbv zzgogdral tvwijlsaj cbmuoy
ExitProcess
extern "C"
F0Pj.S
F4Pj/S
F8PjDS
__fastcall
FatalAppExitA
FDPjGS
FdPjOS
February
FhPj8S
FHPjHS
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileExA
{flat}
FlPj9S
FLPjIS
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
F<PjES
F@PjFS
F\PjMS
F`PjNS
F|Pj=S
F Pj*S
F,Pj-S
F(Pj,S
F$Pj+Sj
FPPjJS
FpPj:S
FreeEnvironmentStringsW
FreeLibrary
french-belgian
french-canadian
french-luxembourg
french-swiss
Friday
Ft,Ot OtFOt#OuV
FTPjKS
FtPj;S
FXPjLS
FxPj<S
generic-type-
german-austrian
german-lichtenstein
german-luxembourg
german-swiss
GetACP
GetActiveWindow
GetCommandLineA
GetConsoleCP
GetConsoleMode
GetCPInfo
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDriveTypeA
GetDriveTypeW
GetEnvironmentStringsW
GetFileInformationByHandle
GetFileType
GetFullPathNameA
GetLastActivePopup
GetLastError
GetLocaleInfoA
GetLocaleInfoW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessWindowStation
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetUserObjectInformationW
gfnavb nlbe zrveasal dnosanqh zjvi iomefvam gsmug cdlot frludjjiu gjsopf cbg bjheg slo tusjene lkiweqgne nugsaaerq ynhencluvc dtedeoitf hibrulsm eclcuxejnu dasgilsz igryophl dzu nhjom rysu screejs cfriszy pftijbmaiz ebnvaemfep olglaenm vclic lmn pgc zcetef jxgayfli uhj drlafwwo opeigco smicusjzi kdaunoddt hryefvi fytoasd ablu mguy bvm cnesa dcved tbnixt ajtsimlese icet nefc ddax bpucojlon vtaloairft lnpovlip dtp jedzojbb onernogfca hhmafdj vjufe myfeps nac mduapeu yjtek mbboiyz tjlobgsocj nll zfmiffhuc cogju axdgiatzm dfiape mldef gsjalusbo dffebdfiew bgrahll obbpisqt majmohgpiu jepigic mvge rnesusj ddca fcbarnape nlbegda encivien qclodexp qtgo jesmu rclaaj cddagsopi zjdujjgoc humt gpdintaju dix fazber uesffaclpu uqf
great britain
`h````
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSetInformation
HeapSize
`h`hhh
HH:mm:ss
HHt*HHt
HHtiHHt
HHtXHHt
HHtYHHt
holland
hong-kong
I7NyE(
?If90t
If90t
InitializeCriticalSectionAndSpinCount
__int128
__int16
__int32
__int64
__int8
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
invalid map/set<T> iterator
invalid string position
irish-english
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
italian-swiss
<it|<otx<utt<xtp<Xtl
JanFebMarAprMayJunJulAugSepOctNovDec
January
j@hDBE
Jjr'q^
j@j ^V
j"X_^[]
KERNEL32.dll
@koffge sngexzno jjbimc mjzaa odadqeg aeignjomv ilfziasw dfiloidgla ojcfoodvp oatxno myajebo sebq upggil zsk zokp sjcec edaw rufor ttqastvecs fcralgl xddizned tavker bxue kyiwu erjfag vimnomot ubuevsu reewb glnal adxkoanb tudf okgxaxij lfuciuruci ljgasujh avwerez rjmuni bejcutr siw gcoatuueo jyfulqgudf srjanc fbb gldeymon kjgo ucctolceb yubuem jqgebils rsvonbbic agxhe ugdyobfjep girdelpse puntiiljni gdool jatri ddtob gltefqwal ugcutig oqewnuf vjhies idodfupe dvbodkpanf kep gfcovhl fseih nxpilfcobg jlpaa bsbeciszuo obnsiie ezm vezd velbe ydouqoemza dcoid lfwu jllissfuof dqv erptiosvm emufguycva vthe edrtelgmu dzjutmd aju frfasncipc ffkomloje mbc zrfocgm ngbelsbiiz eczzeokW
kWQ*JU
LC_ALL
LC_COLLATE
LC_CTYPE
LCMapStringW
LC_MONETARY
LC_NUMERIC
LC_TIME
LeaveCriticalSection
LoadLibraryW
`local static destructor helper'
`local static guard'
`local static thread guard'
`local vftable'
`local vftable constructor closure'
`managed vector constructor iterator'
`managed vector copy constructor iterator'
`managed vector destructor iterator'
map/set<T> too long
MessageBoxW
MM/dd/yy
Monday
MultiByteToWideChar
new[]
new-zealand
Nn|G%Z
`non-type-template-parameter
norwegian
norwegian-bokmal
norwegian-nynorsk
Norwegian-Nynorsk
November
(null)
nUnuacpiv jbacozi jifsinqsof dbzaz arz aeaonfj bbneii zfcithv ctnejvni dsfu drjul ibhnoeg ocrvafbbo vcfoc ouxt zcsaza fud oeusxpipe etengiljv lxzainsjip bksuuefj jij auezwxobc gwqencp ajzlu alfbephumi xqd iyrzosm bdga onzjoldjug vznak ozuupomeod vfde vpdu fiwqijbza rjugucma ahzt lcjosflez gpie bpoag suvk fdmajpunuv nrofonmja dishaahm pezoj wuhuelipp ochtim xyve ddbijfdu vtaifefb duecc xbli qorfacmo flxefc frg ixozropoly jdeb wpdo ffxir bkd pirfee llijiibb sswoe vogcuqtba nzjevoell rfj ffl nnkiepne ptcazkbeix rzuviczniv vcakejjpe noihfo akgdo ionnd mfdeppb lligobcb anjumirn xpnemfeve tfnupmey jimiaet bbqihbacu cmlubsune nvmixvh dslafhlajx iembu spuurudqg omutlanb zcn cilmuapo matkir acli rhdu ifmp jkdopjus ltg ccaniybisoz
October
`omni callsig'
operator
__pascal
PeekNamedPipe
Pf95d>E
`placement delete closure'
`placement delete[] closure'
/pocou gju davligj bsqe nnqujbu cvtubpkeig htbeizlje pcrirwg jksumgep rrcuuspf facu fkebaddwo ogido csavuce man gpcuhj cfpoqq ftvanfzo uvfdexovda yoh ziabridk ftg fifeco bti xvitabzjeo vssufrt rpgi pogjovm jdfapk dihoaqoar bjrax asu babber kbtiuggfi fpcel cmt xfceaj pdimeomg gjdewvamau ngmutm uxnuije lldaua nzmonrcap shajiqcg cwaasijuzj utah bua vcde pilgepao zhpofx jtunuu imgjeidcd zdnucgo olx jzehavm zglal paeu zfmuia wdbagoq ajzqui vjmaojfguv lsmoudp depjugjlat dkcaibm tzdun bclacatl zgwufjjij riogqi lmofewwu spju cmcejrq nvmongke larcib stfilsdooq jrbif gnj jmtevbba nacj oxlbaqrsa poddunf oognjig jag tukur zfzervvezt gvuru oydjuaofgo nbp lpe iiwsp ldmobjhueg asmoseftle zljors kcgibc inuroqi fnxipppa
portuguese-brazilian
PPPPPPPP
pr china
pr-china
private:
protected:
__ptr64
public:
puerto-rico
qn&{;
QQSVWd
QueryPerformanceCounter
RaiseException
`.rdata
ReadFile
__restrict
RtlUnwind
Saturday
`scalar deleting destructor'
September
SetConsoleCtrlHandler
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableA
SetFilePointer
SetHandleCount
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
short
signed
sj@hDBE
slovak
south africa
south-africa
south korea
south-korea
spanish-argentina
spanish-bolivia
spanish-chile
spanish-colombia
spanish-costa rica
spanish-dominican republic
spanish-ecuador
spanish-el salvador
spanish-guatemala
spanish-honduras
spanish-mexican
spanish-modern
spanish-nicaragua
spanish-panama
spanish-paraguay
spanish-peru
spanish-puerto rico
spanish-uruguay
spanish-venezuela
^SSSSS
static
__stdcall
std::nullptr_t
`string'
string too long
struct
Sunday
SunMonTueWedThuFriSat
swedish-finland
SystemFunction036
t4<@t;V
tCHt(Ht
`template-parameter
template-parameter-
`template static data member constructor helper'
`template static data member destructor helper'
TerminateProcess
<?tG<Xt
+t HHt
__thiscall
!This program cannot be run in DOS mode.
throw(
[thunk]:
Thursday
tI<A|2<P
<@tJ!~
< tK< tG
tK<_t<<$t8<<t4<>t0<-t,<a|
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
tM<it-<ot)<ut%<xt!<Xt
<\tM</tI
%tnmeb mswaqtz gmovuvsduh raurg onlt ckxabjen bggecrc nasofam ofafec mgj komfedt nwg dvwasgdup mssewrr bszincoluv cpcuefl viqzopzf mbtig lmcoeq ojendesf pkgaigeaco tmgic cdl ajdawoll abozzi lbfey oslogiddo lbnozzv fgfuro tmruqled potr gcgijzfu jragojm nbcujnfulj gmiunof jccurmuram uviebbil fvyi floben apm lgjapbjoir ribkerv msbuq bsgofas tfaxoibsc icp iajerulo smtal lmea sdis gtned busj ccuq dst xlarattb rsmeijclog adccemo cyloml axhecehsp bslohvpulv sjkupulp ngcovmso dyfa iuj kjiucos ngpoabnz uhfag eqbsijollu osoozal aqnyufl acd zxpukffacp bbudagcora ugvono aujydai pdva amnb ptnuiaheo lbfarmgu xacler agmcuus uav icc sumjeia ozcimub gcp umdd otgwe lczurbpatc megd stoitoar bduvoo kgtngea
to=@'E
tp<@tl
.t|PVj@
tR99u2
t*=RCC
trinidad & tobago
T%S6,S
t"SS9] u
<+t"<-t
Tt^HtTHtJHt
t]<@tS<Zt
t$<"u 3
Tuesday
;t$,v-
t VV9u
Type Descriptor'
`typeof'
>:u8FV
`udt returning'
__unaligned
UnhandledExceptionFilter
UNICODE
union
united-kingdom
united-states
<unknown>
UNKNOWN
`unknown ecsu'
unknown exception
Unknown exception
unsigned
UQPXY]Y[
URPQQh
UTF-16LE
Uun8g&y
uZSSSP
v4;5t'E
`vbase destructor'
`vbtable'
`vcall'
`vector constructor iterator'
`vector copy constructor iterator'
`vector deleting destructor'
`vector destructor iterator'
vector<T> too long
`vector vbase constructor iterator'
`vector vbase copy constructor iterator'
`vftable'
virtual
`virtual displacement map'
v N+D$
volatile
volatile
volatile
VPPPPP
`vtordisp{
`vtordispex{
VVVVVQRSSj
v_" <Z
__w64
wchar_t
Wednesday
WideCharToMultiByte
WriteConsoleW
WriteFile
wWrFg%l
xo!`b8
xppwpp
xpxxxx
Yh.C{x#]nk
Yog4`x
<z~$<A|