Analysis Date | 2015-05-29 06:31:25 |
---|---|
MD5 | 4ca0af3949b4e2ba82ba80d8e43098df |
SHA1 | 21be6917a8c196e754928df6bc360fa97791b356 |
Static Details:
File type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | |
---|---|---|
Section | .text md5: 6190a698eb211f74bdd456b40bfbdd24 sha1: 0da18a6b9e746f92a7b147012f6a8934b957e3c6 size: 199168 | |
Section | .rdata md5: 2391e36653b7fae57969192e447d86f0 sha1: 24c947102b64af38b7ee48978a1113f435e3568d size: 52224 | |
Section | .data md5: 7755b9d4e920f4da39a0fe93797c147f sha1: 7512b1efeb23e5e42f6c847e87b861b2a3e1afc1 size: 7680 | |
Section | .reloc md5: 3f261b83b3dc2f0ed418d5f305bafc7f sha1: 9d74d0a7bf74fbd4ee3a8de3026e58f357bd1271 size: 14848 | |
Timestamp | 2015-04-29 18:59:55 | |
Packer | Microsoft Visual C++ 8 | |
PEhash | 59306500d9675d3c9765d27455fe6b78a4e91683 | |
IMPhash | 7b9e2c194267f305e05304bd93f4b3a6 |
Runtime Details:
Process
↳ C:\malware.exe
Creates File | C:\WINDOWS\btcbqyitphff\nnyxzxxkrj |
---|---|
Creates File | C:\btcbqyitphff\nnyxzxxkrj |
Creates File | C:\btcbqyitphff\py8mj1lkxqybglcfxcb1.exe |
Deletes File | C:\WINDOWS\btcbqyitphff\nnyxzxxkrj |
Creates Process | C:\btcbqyitphff\py8mj1lkxqybglcfxcb1.exe |
Process
↳ C:\btcbqyitphff\py8mj1lkxqybglcfxcb1.exe
Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\DNS Source Link Secondary Connect Portable ➝ C:\btcbqyitphff\ppudlaihj.exe |
---|---|
Creates File | C:\WINDOWS\btcbqyitphff\nnyxzxxkrj |
Creates File | C:\btcbqyitphff\ppudlaihj.exe |
Creates File | C:\btcbqyitphff\nnyxzxxkrj |
Creates File | PIPE\lsarpc |
Creates File | C:\btcbqyitphff\z3anurh |
Deletes File | C:\WINDOWS\btcbqyitphff\nnyxzxxkrj |
Creates Process | C:\btcbqyitphff\ppudlaihj.exe |
Creates Service | Function Removal Disk DCOM Management Copy - C:\btcbqyitphff\ppudlaihj.exe |
Process
↳ C:\WINDOWS\system32\svchost.exe
Process
↳ Pid 808
Process
↳ Pid 856
Process
↳ C:\WINDOWS\System32\svchost.exe
Creates File | C:\WINDOWS\system32\WBEM\Logs\wbemess.log |
---|
Process
↳ Pid 1212
Process
↳ C:\WINDOWS\system32\spoolsv.exe
Registry | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝ NULL |
---|---|
Registry | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝ 7 |
Registry | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝ NULL |
Registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝ C:\WINDOWS\System32\spool\PRINTERS\\x00 |
Process
↳ Pid 1876
Process
↳ Pid 1160
Process
↳ C:\btcbqyitphff\ppudlaihj.exe
Creates File | pipe\net\NtControlPipe10 |
---|---|
Creates File | C:\WINDOWS\btcbqyitphff\nnyxzxxkrj |
Creates File | C:\btcbqyitphff\nnyxzxxkrj |
Creates File | \Device\Afd\Endpoint |
Creates File | C:\btcbqyitphff\z3anurh |
Creates File | C:\btcbqyitphff\wxbldqmdrqju |
Creates File | C:\btcbqyitphff\cjzozwhom.exe |
Deletes File | C:\WINDOWS\btcbqyitphff\nnyxzxxkrj |
Creates Process | zjjafvf1x5gy "c:\btcbqyitphff\ppudlaihj.exe" |
Process
↳ C:\btcbqyitphff\ppudlaihj.exe
Creates File | C:\WINDOWS\btcbqyitphff\nnyxzxxkrj |
---|---|
Creates File | C:\btcbqyitphff\nnyxzxxkrj |
Deletes File | C:\WINDOWS\btcbqyitphff\nnyxzxxkrj |
Process
↳ zjjafvf1x5gy "c:\btcbqyitphff\ppudlaihj.exe"
Creates File | C:\WINDOWS\btcbqyitphff\nnyxzxxkrj |
---|---|
Creates File | C:\btcbqyitphff\nnyxzxxkrj |
Deletes File | C:\WINDOWS\btcbqyitphff\nnyxzxxkrj |
Network Details:
Raw Pcap
0x00000000 (00000) 47455420 2f696e64 65782e70 68702048 GET /index.php H
0x00000010 (00016) 5454502f 312e300d 0a416363 6570743a TTP/1.0..Accept:
0x00000020 (00032) 202a2f2a 0d0a436f 6e6e6563 74696f6e  */*..Connection
0x00000030 (00048) 3a20636c 6f73650d 0a486f73 743a2067 : close..Host: g
0x00000040 (00064) 656e746c 65686561 72742e6e 65740d0a entleheart.net..
0x00000050 (00080) 0d0a ..

0x00000000 (00000) 47455420 2f696e64 65782e70 68702048 GET /index.php H
0x00000010 (00016) 5454502f 312e300d 0a416363 6570743a TTP/1.0..Accept:
0x00000020 (00032) 202a2f2a 0d0a436f 6e6e6563 74696f6e  */*..Connection
0x00000030 (00048) 3a20636c 6f73650d 0a486f73 743a2062 : close..Host: b
0x00000040 (00064) 656c6f6e 67626568 696e642e 6e65740d elongbehind.net.
0x00000050 (00080) 0a0d0a ...
Strings