Analysis Date2014-10-13 23:14:13
MD5fef95677507e8de23f07ff092c4355d2
SHA111bd6385cc24446d4c9d6da0f615a1c2afb3884e

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 9f16bb2994892aa785a8b0b5ec39e616 sha1: 96d0bf10e275d441313d87de065090fbb5d4f45f size: 742400
Section.rdata md5: ecd0fab5d418a45e2a1618d60d15e70d sha1: 4306407d2ead3300fc9b72dd678a9238137caa30 size: 33792
Section.data md5: 0f1305fa11917f65a6882b63561aca26 sha1: fdd99cc92e95f5c86c96d94df2d1990dedeeb112 size: 123392
Timestamp2013-11-21 06:51:37
PackerMicrosoft Visual C++ ?.?
PEhash8b9ef80a61acfc0a0ce1c9f6615e2e1dce3957cf
IMPhash4dfd9a3fd6fd585700fd5d1edc9e0411
AV360 SafeGen:Variant.Symmi.22722
AVAd-AwareGen:Variant.Symmi.22722
AVAlwil (avast)no_virus
AVArcabit (arcavir)no_virus
AVAuthentiumW32/Symmi.AH.gen!Eldorado
AVAvira (antivir)no_virus
AVBullGuardGen:Variant.Symmi.22722
AVCA (E-Trust Ino)no_virus
AVCAT (quickheal)no_virus
AVClamAVno_virus
AVDr. Webno_virus
AVEmsisoftGen:Variant.Symmi.22722
AVEset (nod32)Win32/Kryptik.BQWI
AVFortinetW32/Kryptik.BCFJ!tr
AVFrisk (f-prot)no_virus
AVF-SecureGen:Variant.Symmi.22722
AVGrisoft (avg)Win32/Cryptor
AVIkarusTrojan.Win32.Spy
AVK7no_virus
AVKasperskyTrojan.Win32.Generic:Trojan.Win32.PEF.pf.silent.175154:Trojan.Win32.PEF.pf.silent.181830:Trojan.Win32.PEF.pf.silent.374886:Trojan.Win32.PEF.pf.silent.375904:Trojan.Win32.PEF.pf.silent.376942:Trojan.Win32.PEF.pf.silent.377697:Trojan.Win32.PEF.pf.silent.378515:Trojan.Win32.PEF.pf.silent.379237:Trojan.Win32.PEF.pf.silent.380145:Trojan.Win32.PEF.pf.silent.380997:Trojan.Win32.PEF.pf.silent.416452:Trojan.Win32.PEF.pf.silent.432810:Trojan.Win32.PEF.pf.silent.445825:Trojan.Win32.PEF.pf.silent.454569
AVMalwareBytesno_virus
AVMcafeeno_virus
AVMicrosoft Security EssentialsTrojanSpy:Win32/Nivdort.Y
AVMicroWorld (escan)Gen:Variant.Symmi.22722
AVNormanno_virus
AVRisingno_virus
AVSophosno_virus
AVSymantecno_virus
AVTrend MicroTSPY_NIVDORT.SMA
AVVirusBlokAda (vba32)no_virus
AVYara APTno_virus
AVZillya!no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\uresfp1m0zrdnzj0vac4.exe
Creates FileC:\WINDOWS\system32\zebajflqkdygw\tst
Creates ProcessC:\Documents and Settings\Administrator\Local Settings\Temp\uresfp1m0zrdnzj0vac4.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\uresfp1m0zrdnzj0vac4.exe

RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Accounts Link-Layer Backup Plug TP ➝
C:\WINDOWS\system32\vykeyqsl.exe
Creates FileC:\WINDOWS\system32\vykeyqsl.exe
Creates FileC:\WINDOWS\system32\drivers\etc\hosts
Creates FileC:\WINDOWS\system32\zebajflqkdygw\lck
Creates FileC:\WINDOWS\system32\zebajflqkdygw\etc
Creates FileC:\WINDOWS\system32\zebajflqkdygw\tst
Deletes FileC:\WINDOWS\system32\\drivers\etc\hosts
Creates ProcessC:\WINDOWS\system32\vykeyqsl.exe
Creates ServiceProgram Proxy Socket Routing Filtering - C:\WINDOWS\system32\vykeyqsl.exe

Process
↳ Pid 808

Process
↳ Pid 852

Process
↳ C:\WINDOWS\System32\svchost.exe

RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM\List of event-active namespaces ➝
NULL
Creates FilePIPE\lsarpc
Creates File\Device\Afd\Endpoint
Creates FileC:\WINDOWS\system32\WBEM\Repository\$WinMgmt.CFG
Creates FileC:\WINDOWS\system32\WBEM\Logs\wbemess.log

Process
↳ Pid 1112

Process
↳ Pid 1208

Process
↳ C:\WINDOWS\system32\spoolsv.exe

Process
↳ Pid 1136

Process
↳ C:\WINDOWS\system32\vykeyqsl.exe

RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\FirewallDisableNotify ➝
1
Creates FileC:\WINDOWS\system32\zluzfil.exe
Creates FileC:\WINDOWS\system32\zebajflqkdygw\lck
Creates FileC:\WINDOWS\system32\zebajflqkdygw\cfg
Creates FileC:\WINDOWS\system32\zebajflqkdygw\rng
Creates Filepipe\net\NtControlPipe10
Creates FileC:\WINDOWS\system32\zebajflqkdygw\run
Creates FileC:\WINDOWS\TEMP\uresfp1s3ardnz.exe
Creates File\Device\Afd\Endpoint
Creates FileC:\WINDOWS\system32\zebajflqkdygw\tst
Creates ProcessC:\WINDOWS\TEMP\uresfp1s3ardnz.exe -r 24776 tcp
Creates ProcessWATCHDOGPROC "c:\windows\system32\vykeyqsl.exe"

Process
↳ C:\WINDOWS\system32\vykeyqsl.exe

Creates FileC:\WINDOWS\system32\zebajflqkdygw\tst

Process
↳ WATCHDOGPROC "c:\windows\system32\vykeyqsl.exe"

Creates FileC:\WINDOWS\system32\zebajflqkdygw\tst

Process
↳ C:\WINDOWS\TEMP\uresfp1s3ardnz.exe -r 24776 tcp

Creates File\Device\Afd\Endpoint
Winsock DNS239.255.255.250

Network Details:

DNSjumpgray.net
Type: A
69.195.129.70
DNSstickmarch.net
Type: A
69.195.129.70
DNStablefruit.net
Type: A
69.195.129.70
DNSdavedekilai.com
Type: A
66.147.244.161
DNSlaloponea.com
Type: A
216.239.138.68
DNSmusicdish.net
Type: A
69.94.12.87
DNSwishdish.net
Type: A
173.201.246.204
DNSmadepure.net
Type: A
192.185.17.103
DNShairhour.net
Type: A
184.168.221.45
DNSmusichour.net
Type: A
202.172.28.105
DNSkaselindertu.com
Type: A
DNSfredesecas.com
Type: A
DNSmusicmarch.net
Type: A
DNSyarddish.net
Type: A
DNSyardjuly.net
Type: A
DNSmusicjuly.net
Type: A
DNSwentpure.net
Type: A
DNSspendpure.net
Type: A
DNSwentmarch.net
Type: A
DNSspendmarch.net
Type: A
DNSwentdish.net
Type: A
DNSspenddish.net
Type: A
DNSwentjuly.net
Type: A
DNSspendjuly.net
Type: A
DNSfrontpure.net
Type: A
DNSofferpure.net
Type: A
DNSfrontmarch.net
Type: A
DNSoffermarch.net
Type: A
DNSfrontdish.net
Type: A
DNSofferdish.net
Type: A
DNSfrontjuly.net
Type: A
DNSofferjuly.net
Type: A
DNShangpure.net
Type: A
DNSseptemberpure.net
Type: A
DNShangmarch.net
Type: A
DNSseptembermarch.net
Type: A
DNShangdish.net
Type: A
DNSseptemberdish.net
Type: A
DNShangjuly.net
Type: A
DNSseptemberjuly.net
Type: A
DNSjoinpure.net
Type: A
DNSwishpure.net
Type: A
DNSjoinmarch.net
Type: A
DNSwishmarch.net
Type: A
DNSjoindish.net
Type: A
DNSjoinjuly.net
Type: A
DNSwishjuly.net
Type: A
DNSdeadpure.net
Type: A
DNSrockpure.net
Type: A
DNSdeadmarch.net
Type: A
DNSrockmarch.net
Type: A
DNSdeaddish.net
Type: A
DNSrockdish.net
Type: A
DNSdeadjuly.net
Type: A
DNSrockjuly.net
Type: A
DNSwrongpure.net
Type: A
DNSwrongmarch.net
Type: A
DNSmademarch.net
Type: A
DNSwrongdish.net
Type: A
DNSmadedish.net
Type: A
DNSwrongjuly.net
Type: A
DNSmadejuly.net
Type: A
DNShumancompe.net
Type: A
DNShaircompe.net
Type: A
DNShumanhour.net
Type: A
DNShumanfell.net
Type: A
DNShairfell.net
Type: A
DNShumancount.net
Type: A
DNShaircount.net
Type: A
DNSyardcompe.net
Type: A
DNSmusiccompe.net
Type: A
DNSyardhour.net
Type: A
DNSyardfell.net
Type: A
DNSmusicfell.net
Type: A
DNSyardcount.net
Type: A
DNSmusiccount.net
Type: A
DNSwentcompe.net
Type: A
DNSspendcompe.net
Type: A
DNSwenthour.net
Type: A
DNSspendhour.net
Type: A
DNSwentfell.net
Type: A
DNSspendfell.net
Type: A
DNSwentcount.net
Type: A
DNSspendcount.net
Type: A
DNSfrontcompe.net
Type: A
DNSoffercompe.net
Type: A
DNSfronthour.net
Type: A
DNSofferhour.net
Type: A
DNSfrontfell.net
Type: A
DNSofferfell.net
Type: A
DNSfrontcount.net
Type: A
DNSoffercount.net
Type: A
HTTP GEThttp://jumpgray.net/forum/search.php?method=validate&mode=sox&v=016&sox=2b555c01
User-Agent:
HTTP GEThttp://stickmarch.net/forum/search.php?method=validate&mode=sox&v=016&sox=2b555c01
User-Agent:
HTTP GEThttp://tablefruit.net/forum/search.php?method=validate&mode=sox&v=016&sox=2b555c01
User-Agent:
HTTP GEThttp://davedekilai.com/forum/search.php?method=validate&mode=sox&v=016&sox=2b555c01
User-Agent:
HTTP GEThttp://laloponea.com/forum/search.php?method=validate&mode=sox&v=016&sox=2b555c01
User-Agent:
HTTP GEThttp://musicdish.net/forum/search.php?method=validate&mode=sox&v=016&sox=2b555c01
User-Agent:
HTTP GEThttp://wishdish.net/forum/search.php?method=validate&mode=sox&v=016&sox=2b555c01
User-Agent:
HTTP GEThttp://madepure.net/forum/search.php?method=validate&mode=sox&v=016&sox=2b555c01
User-Agent:
HTTP GEThttp://hairhour.net/forum/search.php?method=validate&mode=sox&v=016&sox=2b555c01
User-Agent:
HTTP GEThttp://musichour.net/forum/search.php?method=validate&mode=sox&v=016&sox=2b555c01
User-Agent:
HTTP GEThttp://jumpgray.net/forum/search.php?method=validate&mode=sox&v=016&sox=2b555c01
User-Agent:
HTTP GEThttp://stickmarch.net/forum/search.php?method=validate&mode=sox&v=016&sox=2b555c01
User-Agent:
HTTP GEThttp://tablefruit.net/forum/search.php?method=validate&mode=sox&v=016&sox=2b555c01
User-Agent:
HTTP GEThttp://davedekilai.com/forum/search.php?method=validate&mode=sox&v=016&sox=2b555c01
User-Agent:
HTTP GEThttp://laloponea.com/forum/search.php?method=validate&mode=sox&v=016&sox=2b555c01
User-Agent:
HTTP GEThttp://musicdish.net/forum/search.php?method=validate&mode=sox&v=016&sox=2b555c01
User-Agent:
HTTP GEThttp://wishdish.net/forum/search.php?method=validate&mode=sox&v=016&sox=2b555c01
User-Agent:
HTTP GEThttp://madepure.net/forum/search.php?method=validate&mode=sox&v=016&sox=2b555c01
User-Agent:
HTTP GEThttp://hairhour.net/forum/search.php?method=validate&mode=sox&v=016&sox=2b555c01
User-Agent:
HTTP GEThttp://musichour.net/forum/search.php?method=validate&mode=sox&v=016&sox=2b555c01
User-Agent:
Flows TCP192.168.1.1:1036 ➝ 69.195.129.70:80
Flows TCP192.168.1.1:1037 ➝ 69.195.129.70:80
Flows TCP192.168.1.1:1038 ➝ 69.195.129.70:80
Flows TCP192.168.1.1:1040 ➝ 66.147.244.161:80
Flows TCP192.168.1.1:1041 ➝ 216.239.138.68:80
Flows TCP192.168.1.1:1042 ➝ 69.94.12.87:80
Flows TCP192.168.1.1:1043 ➝ 173.201.246.204:80
Flows TCP192.168.1.1:1044 ➝ 192.185.17.103:80
Flows TCP192.168.1.1:1045 ➝ 184.168.221.45:80
Flows TCP192.168.1.1:1046 ➝ 202.172.28.105:80
Flows TCP192.168.1.1:1047 ➝ 69.195.129.70:80
Flows TCP192.168.1.1:1048 ➝ 69.195.129.70:80
Flows TCP192.168.1.1:1049 ➝ 69.195.129.70:80
Flows TCP192.168.1.1:1050 ➝ 66.147.244.161:80
Flows TCP192.168.1.1:1051 ➝ 216.239.138.68:80
Flows TCP192.168.1.1:1052 ➝ 69.94.12.87:80
Flows TCP192.168.1.1:1053 ➝ 173.201.246.204:80
Flows TCP192.168.1.1:1054 ➝ 192.185.17.103:80
Flows TCP192.168.1.1:1055 ➝ 184.168.221.45:80
Flows TCP192.168.1.1:1056 ➝ 202.172.28.105:80

Raw Pcap

Strings
[
Z
[
Z
[
\
..
...
...
............... ..!"!0#!$!.
%
.
&(..
.
)*)
+,+-./0/.-+1+
.
-_
eageCaetSTadHlrlrrSchSetoeOedl
e.ea2etnEliACvn
Fv3seet
reCd
lnnje
lr
tpEbeeateiKWonlt
"
 
 
 
:
:
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
 
!
"
#
$
%
&
'
(
)
*
+
,
-
.
/
0
1
2
 ' 
  ---
ss
+
 0
a
+%3D%3A%26A&
dll2
h2
1
1
exe
.
.
S
"1"
2dll1exe
h1
21212
 
%+#.*fa
0e
%+#I64o
.,
 -CC00-+ 
 
-E-
-0
-0010+-0
0
-0
.
-e-
. 
.
\
00
.
00-+ 
  :\
:.............?- 
0
0
0
0
-
.
..

                                 H
         (((((                  H
         h((((                  H
jjjh
jjjj
jjjjh
jjjjj
KERNEL32.DLL
Ljjj
Mjjj
mscoree.dll
Njjj
Njjjj
N(null)
                          
																		
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
0A@@Ju
0MNG)K
0SSSSS
}0 ,'T
0WWWWW
}{1\%	
1J|S{-
1pWRY$[
1#QNAN
1#SNAN
1V0#j+NYT
1`x>kcK
2`&2+r]%
2AOtB{
\2b3@xH
:2 Ctj
2Z{{gQOU
3M@SlG@\
/%4	=(
^4!\/D
:.4JPQ
4K{G0D
'/4YyeQiFoe4
#<5H{~
/5m~n]c
;6 _9;
6aVqQDLBtB 
$6k_AuS*
6k';m0
6:M/SUgr
6/Nqti
6SFmBo}
'6TZqc
7BwL'`w,6
^7!fkV
7ls$5Gm(
)?7QW	
85K$aw
868.Lz
8N{cCTDq
8VVVVV
8[*<!y`
8yI*Ib
:)!]9/'
97[cf3
9+{fFLg
9-:]\q
9Y*4h,
@Aa2e4
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
Ahm<V51
ALVWfF
america
american
american english
american-english
An application has made an attempt to load the C runtime library incorrectly.
'AR~8,
<at9<rt,<wt
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
.?AUctype_base@std@@
August
australian
.?AVbad_alloc@std@@
.?AVbad_cast@std@@
.?AVbad_exception@std@@
.?AV?$basic_ios@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ostream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AV?$basic_streambuf@DU?$char_traits@D@std@@@std@@
.?AV?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AV?$ctype@D@std@@
.?AVexception@std@@
.?AVfacet@locale@std@@
.?AVfailure@ios_base@std@@
.?AVios_base@std@@
.?AV?$_Iosb@H@std@@
.?AVlength_error@std@@
.?AV_Locimp@locale@std@@
.?AVlogic_error@std@@
.?AV?$numpunct@D@std@@
.?AV?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
.?AVout_of_range@std@@
.?AVruntime_error@std@@
.?AVtype_info@@
a*|Vy'
bad allocation
bad cast
bad exception
 Base Class Array'
 Base Class Descriptor at (
__based(
BeginPaint
belgian
B(l6Ey
B >oR1
BQFlp"
britain
$BuM*t>
 bU<W;
bY	bT	
^B^Zuw/
c/:1_`
canadian
CbHsdX
__cdecl
}cH#@8
ChaBic}
CheckDlgButton
chinese
chinese-hongkong
chinese-simplified
chinese-singapore
chinese-traditional
&CL8Gx
 Class Hierarchy Descriptor'
CloseHandle
__clrcall
cmd.exe
CompareStringA
CompareStringW
 Complete Object Locator'
COMSPEC
CONOUT$
`copy constructor closure'
Copyright (c) 1992-2004 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
CorExitProcess
Cp9jS(
C PjPV
C$PjQV
C.PjRV
C/PjSV
C*PjTV
C+PjUV
C,PjVV
C-PjWV
CreateFileA
CreateProcessA
- CRT not initialized
cy2%'k
D6&!g{~
d=9fmI.JDQY
@.data
dddd, MMMM dd, yyyy
December
DecodePointer
`default constructor closure'
 delete
 delete[]
Delete
DeleteCriticalSection
DeleteFileA
deque<T> too long
DfrKGi$
D\I*c!%D
DOMAIN error
DrawTextA
dutch-belgian
_dwlsO
d$<x:a
\dXZjGB
`dynamic atexit destructor for '
`dynamic initializer for '
e4i 2X<
+|E9)`egi
"eE6jYc
eFc@k?$
e.hC\7
}EH|	s
`eh vector constructor iterator'
`eh vector copy constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`eh vector vbase copy constructor iterator'
~?$EJ'
<EK3$!XL
#!\E:(l
EnableWindow
EncodePointer
EndDialog
EndPaint
england
english-american
english-aus
english-belize
english-can
english-caribbean
english-ire
english-jamaica
english-nz
english-south africa
english-trinidad y tobago
english-uk
english-us
english-usa
EnterCriticalSection
EnumSystemLocalesA
ExitProcess
f8adE#	
__fastcall
FBU3q.^
F	Cds*
February
^fGX6~o
f!hZ=v
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindResourceA
- floating point support not loaded
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
ForceRemove
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
french-belgian
french-canadian
french-luxembourg
french-swiss
Friday
^F<-uB
f/+v;w
*.(gA,
GAIsProcessorFeaturePresent
gck<jfL
GDI32.dll
geK>tMay
german-austrian
german-lichtenstein
german-luxembourg
german-swiss
GetACP
GetActiveWindow
GetBkColor
GetCommandLineA
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetCPInfo
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetCursor
GetDCBrushColor
GetDCPenColor
GetDialogBaseUnits
GetDlgItem
GetDlgItemInt
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentStringsW
GetExitCodeProcess
GetFileAttributesA
GetFileType
GetFontLanguageInfo
GetFontUnicodeRanges
GetForegroundWindow
GetFullPathNameA
GetInputState
GetKeyboardType
GetLastActivePopup
GetLastError
GetLocaleInfoA
GetLocaleInfoW
GetMapMode
GetMenu
GetMenuCheckMarkDimensions
GetMenuContextHelpId
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMetaRgn
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetNearestColor
GetNearestPaletteIndex
GetObjectType
GetOEMCP
GetPixelFormat
GetProcAddress
GetProcessHeap
GetProcessId
GetProcessWindowStation
GetPropA
GetQueueStatus
GetRandomRgn
GetScrollPos
GetStartupInfoA
GetStdHandle
GetStretchBltMode
GetStringTypeA
GetStringTypeW
GetSystemPaletteUse
GetSystemTimeAsFileTime
GetTextCharacterExtra
GetTextCharset
GetTextCharsetInfo
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetUserObjectInformationA
GetVersion
GetWindowContextHelpId
GetWindowDC
GetWindowLongA
\GIDgf+
GlobalAlloc
GlobalFlags
GlobalHandle
GlobalSize
GLO:-j
gP['BQ
great britain
<G=;xx
`h````
!|H4@N
[h%6`Ag
Hb6^~a
$hBi :
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
hG<6-Q2+
`h`hhh
HH:mm:ss
HHtXHHt
HHtYHHt
h-jWLy
holland
hong-kong
h^	r4b
h S\4I
!HX6,u9.
>If90t
:if#~i
<I=$)^g^
ijKSh~w
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
invalid map/set<T> iterator
invalid string position
ios_base::badbit set
ios_base::eofbit set
ios_base::failbit set
I>pG:]z
irish-english
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
IsWindowEnabled
italian-swiss
j	2f5!
j2hPSM
j^%4?a	&e*
J6ukFp
jAhhEM
JanFebMarAprMayJunJulAugSepOctNovDec
January
jDhHvM
~Jdy?%B,
j#h0lM
j'h0|M
j	h8jM
j"h8LM
j	h\cM
j	h<DM
j	h\EM
j&h,FM
j	h,LM
j#hLoM
j	hlpM
j	h\RM
j	hTKM
j	htnM
j	htVM
j,htXM
j	hxPM
jI*'fK)H
j@j ^V
j-LW;JE:Fp
$Jo8l@xeaQ
JOZo*L
[j}-P59
JROvIpT
j"^SSSSS
jThXkM
(!Ju5wBC\
J	V7a^@
jY#!o^
J/"Y.P
[K<_`2
KERNEL32
KERNEL32.dll
_(kqK;
KY6q",>
k|Y`SsHTz
l53w=j
LC_ALL
LC_COLLATE
LC_CTYPE
LCMapStringA
LCMapStringW
LC_MONETARY
LC_NUMERIC
LC_TIME
L~D8/?"
LeaveCriticalSection
LeiLX;
?LG_|.
LoadIconA
LoadLibraryA
LoadResource
LocalAlloc
LocalFlags
`local static guard'
`local static thread guard'
`local vftable'
`local vftable constructor closure'
LockResource
|lO>E!
|loX-M
|l*uG6
lVt;jB
l|yY\^id
M~ 1vDs
`managed vector constructor iterator'
`managed vector copy constructor iterator'
`managed vector destructor iterator'
map/set<T> too long
MessageBoxA
']MfCu
Microsoft Visual C++ Runtime Library
?<(mJ&
m(%JbDTt5
m{j*Df
MM/dd/yy
Monday
MoveFileA
MoveWindow
mSHkjx
mtFq1&
m_U2wR}
MultiByteToWideChar
"M{w_s
{mwV0s;
MZK%&-\
;mZY0F{S
N2UhqC^u
n|9 %2
&neH!b
 new[]
new-zealand
nMfl$vW
NoRemove
norwegian
norwegian-bokmal
norwegian-nynorsk
Norwegian-Nynorsk
- not enough space for arguments
- not enough space for environment
- not enough space for locale information
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
(null)
ny)@hh|
o8XNDB
October
OLEAUT32.dll
=OLZ!r
`omni callsig'
operator
O[uNkb
][oVNT%
p4{!S?
[P9	%J
__pascal
Pf95(NN
`placement delete closure'
`placement delete[] closure'
Please contact the application's support team for more information.
]Pn7hQuI
portuguese-brazilian
PostMessageA
PPPPPPPP
pr china
pr-china
 P,rm;@,"h
Program: 
<program name unknown>
__ptr64
puerto-rico
- pure virtual function call
{q8Wnh
~#Q9w^?
\|qKKk
QQSVWd
Q"/%"[T 
QueryPerformanceCounter
RaiseException
RD4ltK
`.rdata
ReadFile
RemovePropA
__restrict
RjKBj/s
R*L5'C
)rS6>F
rsRg*2l
RtlUnwind
runtime error 
Runtime Error!
rZ}6XX
s3,uV4
Saturday
`scalar deleting destructor'
%&$SdV
SendMessageA
September
SetDlgItemTextA
SetEndOfFile
SetEnvironmentVariableA
SetFilePointer
SetHandleCount
SetLastError
SetStdHandle
SetSystemPaletteUse
SetTextAlign
SetTextCharacterExtra
SetTextColor
SetTextJustification
SetUnhandledExceptionFilter
SetWindowTextA
s:G\aJ
ShowWindow
SING error
SizeofResource
slovak
#Smj&^xdd2
south africa
south-africa
south korea
south-korea
spanish-argentina
spanish-bolivia
spanish-chile
spanish-colombia
spanish-costa rica
spanish-dominican republic
spanish-ecuador
spanish-el salvador
spanish-guatemala
spanish-honduras
spanish-mexican
spanish-modern
spanish-nicaragua
spanish-panama
spanish-paraguay
spanish-peru
spanish-puerto rico
spanish-uruguay
spanish-venezuela
?S*=qE	
SqR)i8)\
s[S;7|G;w
SsE=Rh)
^SSSSS
__stdcall
`string'
string too long
Sunday
SunMonTueWedThuFriSat
+SWB8Nz}
swedish-finland
s]xs*&K
SystemRoot
|>&[(T
t1	V&ZH
>;t4Ox
tdhHtK
TerminateProcess
t=FA9]
tGHt.Ht&
(</t$h8
tHhHuK
+t HHt
This application has requested the Runtime to terminate it in an unusual way.
__thiscall
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
!This program cannot be run in DOS mode.
t hpwK
Thursday
tIj"[:
t:j)h0nM
< tK<	tG
TLOSS error
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
<\tM</tI
/To<?4
!t$-q#z
tR99u2
trinidad & tobago
t"SS9]
<+t(<-t$:
t$<"u	3
Tuesday
;t$,v-
t VV9u
t+WWVPV
txj7h,
 Type Descriptor'
`typeof'
u1ie`,
+U3 3u_t
U^4Js<
>:u8FV
`udt returning'
ulj	h0
- unable to initialize heap
- unable to open console device
__unaligned
- unexpected heap error
- unexpected multithread lock error
UnhandledExceptionFilter
UNICODE
united-kingdom
united-states
Unknown exception
UnzM47=
UpdateColors
UQPXY]Y[
uqSSSSS
URPQQh<YJ
US_0|}7
USER32.dll
USER32.DLL
u[SSSP
UTF-16LE
u,VVWV
UxGFF6
u]Z\+XgT
V0&#yS
`vbase destructor'
`vbtable'
`vcall'
`vector constructor iterator'
`vector copy constructor iterator'
`vector deleting destructor'
`vector destructor iterator'
`vector vbase constructor iterator'
`vector vbase copy constructor iterator'
Vf;k.0
`vftable'
VirtualAlloc
`virtual displacement map'
VirtualFree
#(vMLr
v	N+D$
_VVVVV
VVVVVQRSSj
V;xGJQ~
W8	|xM
WaitForSingleObject
WAm!qFNn
Wednesday
	?wf3FP
WHbAa``Q\
wHh(uK
WideCharToMultiByte
WindowFromDC
Wjz[n]
wkrO=K)T`
&?*wkW
WL6iI|
}>@WPL
+Wp'WK
WriteConsoleA
WriteConsoleW
WriteFile
WS2_32.dll
^WWWWW
*x8si-
xc>$jmN)
|xI*><]9
XkWH6i
'XpjAu]
.x*{p; =L
xppwpp
xpxxxx
x@	R| 
X_#sX#X
<xtX<XtT
 YGh`$
yJ>9\FVu
y[RMQg
>=Yt1j
Y<\u#j\V
Yw+>Z;
((="Z 
,z0(_tI
%=Z,C$
Zp7d{^]
ZUk0UHm
z	/%yT
z^~]zD