Analysis Date2015-05-29 02:19:28
MD5369c21b65e3a082c4827d733feea1c71
SHA12911b12c0ac8c31ff9dccae52af8a3326195e26e

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 0865790cac916a5f529d8f7f575d4529 sha1: 646627269df1fbe5e61f9d470032d0f4360363b7 size: 197632
Section.rdata md5: dc97b89172b29b8b54e63e7c99bd4799 sha1: a2a338ace49242aa333d0616cc90aa79dfd1cc5b size: 50688
Section.data md5: cdca248056d5ff3182bd447add5e6d6e sha1: 3477a88fec063486bcdfa35d6628ceac78583345 size: 7680
Section.reloc md5: 20ac9cd3f74774aed92c0c7c5c2cf3a4 sha1: a3d74a75d5b61dd5ff60345c98e7ff9191ed6d6a size: 14336
Timestamp2015-04-29 18:46:48
PackerMicrosoft Visual C++ 8
PEhash6d724f2f6f69d19871a779319ff1f7bd2c3946b6
IMPhash2e2e6133bacd010382df9338cfa7fbec

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates FileC:\WINDOWS\pbpvzqh\qczu6vu4kvc
Creates FileC:\pbpvzqh\deuowwstavsslnb.exe
Creates FileC:\pbpvzqh\qczu6vu4kvc
Deletes FileC:\WINDOWS\pbpvzqh\qczu6vu4kvc
Creates ProcessC:\pbpvzqh\deuowwstavsslnb.exe

Process
↳ C:\pbpvzqh\deuowwstavsslnb.exe

RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Coordinator Net.Tcp ➝
C:\pbpvzqh\vgsquhtk.exe
Creates FileC:\WINDOWS\pbpvzqh\qczu6vu4kvc
Creates FilePIPE\lsarpc
Creates FileC:\pbpvzqh\cfajvaoftr
Creates FileC:\pbpvzqh\qczu6vu4kvc
Creates FileC:\pbpvzqh\vgsquhtk.exe
Deletes FileC:\WINDOWS\pbpvzqh\qczu6vu4kvc
Creates ProcessC:\pbpvzqh\vgsquhtk.exe
Creates ServiceMultimedia Resolution Identity Policy - C:\pbpvzqh\vgsquhtk.exe

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ Pid 816

Process
↳ Pid 860

Process
↳ Pid 1028

Process
↳ Pid 1216

Process
↳ Pid 1304

Process
↳ Pid 1868

Process
↳ Pid 1164

Process
↳ C:\pbpvzqh\vgsquhtk.exe

Creates FileC:\pbpvzqh\wyqadk
Creates FileC:\pbpvzqh\hgsqaig.exe
Creates FileC:\WINDOWS\pbpvzqh\qczu6vu4kvc
Creates Filepipe\net\NtControlPipe10
Creates FileC:\pbpvzqh\cfajvaoftr
Creates FileC:\pbpvzqh\qczu6vu4kvc
Creates File\Device\Afd\Endpoint
Deletes FileC:\WINDOWS\pbpvzqh\qczu6vu4kvc
Creates Processnnrv74qpylkl "c:\pbpvzqh\vgsquhtk.exe"

Process
↳ C:\pbpvzqh\vgsquhtk.exe

Creates FileC:\WINDOWS\pbpvzqh\qczu6vu4kvc
Creates FileC:\pbpvzqh\qczu6vu4kvc
Deletes FileC:\WINDOWS\pbpvzqh\qczu6vu4kvc

Process
↳ nnrv74qpylkl "c:\pbpvzqh\vgsquhtk.exe"

Creates FileC:\WINDOWS\pbpvzqh\qczu6vu4kvc
Creates FileC:\pbpvzqh\qczu6vu4kvc
Deletes FileC:\WINDOWS\pbpvzqh\qczu6vu4kvc

Network Details:

DNSheavyheart.net
Type: A
64.15.205.100
DNSheavyheart.net
Type: A
208.48.81.134
DNSheavyheart.net
Type: A
208.48.81.133
DNSheavyheart.net
Type: A
64.15.205.101
DNSgentleheart.net
Type: A
203.189.109.142
DNSbelongbehind.net
Type: A
95.211.230.75
DNSheavyperfect.net
Type: A
DNSgentleperfect.net
Type: A
DNSheavymayor.net
Type: A
DNSgentlemayor.net
Type: A
DNSheavybattle.net
Type: A
DNSgentlebattle.net
Type: A
DNSvariousheart.net
Type: A
DNSreturnheart.net
Type: A
DNSvariousperfect.net
Type: A
DNSreturnperfect.net
Type: A
DNSvariousmayor.net
Type: A
DNSreturnmayor.net
Type: A
DNSvariousbattle.net
Type: A
DNSreturnbattle.net
Type: A
DNSjourneyunderstand.net
Type: A
DNShusbandunderstand.net
Type: A
DNSjourneybroad.net
Type: A
DNShusbandbroad.net
Type: A
DNSjourneybehind.net
Type: A
DNShusbandbehind.net
Type: A
DNSjourneybutter.net
Type: A
DNShusbandbutter.net
Type: A
DNSdestroyunderstand.net
Type: A
DNSlittleunderstand.net
Type: A
DNSdestroybroad.net
Type: A
DNSlittlebroad.net
Type: A
DNSdestroybehind.net
Type: A
DNSlittlebehind.net
Type: A
DNSdestroybutter.net
Type: A
DNSlittlebutter.net
Type: A
DNSriddenunderstand.net
Type: A
DNSbelongunderstand.net
Type: A
DNSriddenbroad.net
Type: A
DNSbelongbroad.net
Type: A
DNSriddenbehind.net
Type: A
DNSriddenbutter.net
Type: A
DNSbelongbutter.net
Type: A
DNSchairunderstand.net
Type: A
DNSthoseunderstand.net
Type: A
DNSchairbroad.net
Type: A
DNSthosebroad.net
Type: A
DNSchairbehind.net
Type: A
DNSthosebehind.net
Type: A
DNSchairbutter.net
Type: A
DNSthosebutter.net
Type: A
DNSwithinunderstand.net
Type: A
DNSsufferunderstand.net
Type: A
DNSwithinbroad.net
Type: A
DNSsufferbroad.net
Type: A
DNSwithinbehind.net
Type: A
DNSsufferbehind.net
Type: A
DNSwithinbutter.net
Type: A
DNSsufferbutter.net
Type: A
DNSeffortunderstand.net
Type: A
DNSthroughunderstand.net
Type: A
DNSeffortbroad.net
Type: A
DNSthroughbroad.net
Type: A
DNSeffortbehind.net
Type: A
DNSthroughbehind.net
Type: A
DNSeffortbutter.net
Type: A
DNSthroughbutter.net
Type: A
DNSforgetunderstand.net
Type: A
DNSincreaseunderstand.net
Type: A
DNSforgetbroad.net
Type: A
DNSincreasebroad.net
Type: A
DNSforgetbehind.net
Type: A
DNSincreasebehind.net
Type: A
DNSforgetbutter.net
Type: A
DNSincreasebutter.net
Type: A
DNSwouldunderstand.net
Type: A
DNSrememberunderstand.net
Type: A
DNSwouldbroad.net
Type: A
DNSrememberbroad.net
Type: A
DNSwouldbehind.net
Type: A
DNSrememberbehind.net
Type: A
DNSwouldbutter.net
Type: A
DNSrememberbutter.net
Type: A
DNSjourneydried.net
Type: A
DNShusbanddried.net
Type: A
DNSjourneyfifteen.net
Type: A
DNShusbandfifteen.net
Type: A
DNSjourneyangry.net
Type: A
HTTP GEThttp://heavyheart.net/index.php
User-Agent:
HTTP GEThttp://gentleheart.net/index.php
User-Agent:
HTTP GEThttp://belongbehind.net/index.php
User-Agent:
Flows TCP192.168.1.1:1031 ➝ 64.15.205.100:80
Flows TCP192.168.1.1:1032 ➝ 203.189.109.142:80
Flows TCP192.168.1.1:1033 ➝ 95.211.230.75:80

Raw Pcap
0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2068   : close..Host: h
0x00000040 (00064)   65617679 68656172 742e6e65 740d0a0d   eavyheart.net...
0x00000050 (00080)   0a                                    .

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2067   : close..Host: g
0x00000040 (00064)   656e746c 65686561 72742e6e 65740d0a   entleheart.net..
0x00000050 (00080)   0d0a                                  ..

0x00000000 (00000)   47455420 2f696e64 65782e70 68702048   GET /index.php H
0x00000010 (00016)   5454502f 312e300d 0a416363 6570743a   TTP/1.0..Accept:
0x00000020 (00032)   202a2f2a 0d0a436f 6e6e6563 74696f6e    */*..Connection
0x00000030 (00048)   3a20636c 6f73650d 0a486f73 743a2062   : close..Host: b
0x00000040 (00064)   656c6f6e 67626568 696e642e 6e65740d   elongbehind.net.
0x00000050 (00080)   0a0d0a                                ...


Strings
eSO
S
aeaCre
eFe
"
 
\
.
 
\
.z
  
.
e
. 
00-+ .
-
-1
+-0-E-
-0
\
.
0
0
- 
000
-
.
.u
                                 
2.exe
- abort() has been called
af-za
af-ZA
April
ar-ae
ar-AE
ar-bh
ar-BH
ar-dz
ar-DZ
ar-eg
ar-EG
ar-iq
ar-IQ
ar-jo
ar-JO
ar-kw
ar-KW
ar-lb
ar-LB
ar-ly
ar-LY
ar-ma
ar-MA
ar-om
ar-OM
ar-qa
ar-QA
ar-sa
ar-SA
ar-sy
ar-SY
ar-tn
ar-TN
ar-ye
ar-YE
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
August
az-az-cyrl
az-AZ-Cyrl
az-az-latn
az-AZ-Latn
.bat
be-by
be-BY
bg-bg
bg-BG
bn-in
bn-IN
bs-ba-latn
bs-BA-Latn
ca-es
ca-ES
Cja-JP
.cmd
.com
CONOUT$
CR6002
- CRT not initialized
cs-cz
cs-CZ
cy-gb
cy-GB
da-dk
da-DK
dddd, MMMM dd, yyyy
de-at
de-AT
December
de-ch
de-CH
de-de
de-DE
de-li
de-LI
de-lu
de-LU
div-mv
div-MV
Djjj
Djjjjj
DOMAIN error
el-gr
el-GR
emscoree.dll
en-au
en-AU
en-bz
en-BZ
en-ca
en-CA
en-cb
en-CB
en-gb
en-GB
en-ie
en-IE
en-jm
en-JM
en-nz
en-NZ
en-ph
en-PH
en-tt
en-TT
en-us
en-US
en-za
en-ZA
en-zw
en-ZW
es-ar
es-AR
es-bo
es-BO
es-cl
es-CL
es-co
es-CO
es-cr
es-CR
es-do
es-DO
es-ec
es-EC
es-es
es-ES
es-gt
es-GT
es-hn
es-HN
es-mx
es-MX
es-ni
es-NI
es-pa
es-PA
es-pe
es-PE
es-pr
es-PR
es-py
es-PY
es-sv
es-SV
es-uy
es-UY
es-ve
es-VE
et-ee
et-EE
eu-es
eu-ES
fa-ir
fa-IR
February
fi-fi
fi-FI
- floating point support not loaded
fo-fo
fo-FO
fr-be
fr-BE
fr-ca
fr-CA
fr-ch
fr-CH
fr-fr
fr-FR
Friday
fr-lu
fr-LU
fr-mc
fr-MC
gl-es
gl-ES
gu-in
gu-IN
         (((((                  H
he-il
he-IL
HH:mm:ss
hi-in
hi-IN
hr-ba
hr-BA
hr-hr
hr-HR
hu-hu
hu-HU
hy-am
hy-AM
id-id
id-ID
- inconsistent onexit begin-end variables
is-is
is-IS
it-ch
it-CH
it-it
it-IT
ja-jp
January
jjjjj
jjjjjj
July
June
ka-ge
ka-GE
kernel32.dll
kk-kz
kk-KZ
kn-in
kn-IN
kok-in
kok-IN
ko-kr
ko-KR
ky-kg
ky-KG
lt-lt
lt-LT
lv-lv
lv-LV
March
Microsoft Visual C++ Runtime Library
mi-nz
mi-NZ
mk-mk
mk-MK
ml-in
ml-IN
MM/dd/yy
mn-mn
mn-MN
Monday
mr-in
mr-IN
ms-bn
ms-BN
ms-my
ms-MY
mt-mt
mt-MT
nb-no
nb-NO
nl-be
nl-BE
nl-nl
nl-NL
nn-no
nn-NO
- not enough space for arguments
- not enough space for environment
- not enough space for locale information
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
ns-za
ns-ZA
(null)
October
pa-in
pa-IN
pl-pl
pl-PL
Program: 
<program name unknown>
pt-br
pt-BR
pt-pt
pt-PT
- pure virtual function call
quz-bo
quz-BO
quz-ec
quz-EC
quz-pe
quz-PE
R6008
R6009
R6010
R6016
R6017
R6018
R6019
R6024
R6025
R6026
R6027
R6028
R6030
R6031
R6032
R6033
R6034
ro-ro
ro-RO
runtime error 
Runtime Error!
ru-ru
ru-RU
sa-in
sa-IN
Saturday
se-fi
se-FI
se-no
se-NO
September
se-se
se-SE
SING error
sk-sk
sk-SK
sl-si
sl-SI
sma-no
sma-NO
sma-se
sma-SE
smj-no
smj-NO
smj-se
smj-SE
smn-fi
smn-FI
sms-fi
sms-FI
sq-al
sq-AL
sr-ba-cyrl
sr-BA-Cyrl
sr-ba-latn
sr-BA-Latn
sr-sp-cyrl
sr-SP-Cyrl
sr-sp-latn
sr-SP-Latn
Sunday
sv-fi
sv-FI
sv-se
sv-SE
sw-ke
sw-KE
syr-sy
syr-SY
ta-in
ta-IN
te-in
te-IN
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
th-th
th-TH
Thursday
TLOSS error
tn-za
tn-ZA
tr-tr
tr-TR
tt-ru
tt-RU
Tuesday
uk-ua
uk-UA
- unable to initialize heap
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
ur-pk
ur-PK
USER32.DLL
uz-uz-cyrl
uz-UZ-Cyrl
uz-uz-latn
uz-UZ-Latn
vi-vn
vi-VN
Wednesday
xh-za
xh-ZA
zh-chs
zh-CHS
zh-cht
zh-CHT
zh-cn
zh-CN
zh-hk
zh-HK
zh-mo
zh-MO
zh-sg
zh-SG
zh-tw
zh-TW
zu-za
zu-ZA
                          
;	<(<0<
0 0,0<0
0 0(00080@0H0P0X0`0h0p0x0
0%0-0:0H0e0m0~0
 0&0-070>0Q0]0
0$0(080<0D0\0l0p0
0!0+0A0K0c0s0
0(0<0D0X0i0q0y0
0#0)0X0
0-0:0Y0a0
0.060>0N0d0
0(060X0_0u0
#0+070?0J0R0[0
0(080G0a0t0|0
0$0A0X0u0
0:0B0M0
0:0F0W0_0g0q0}0
0<0h0z0
!0(0J0Q0n2
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
0>1F1R1a1
020>0Z0f0n0
040;0Q0[0
.04080<0@0
040B0N0Y0~0
>%>,>0>4>8><>@>D>H>
> >$>(>,>0>4>8><>@>D>H>L>P>T>X>\>`>d>h>l>p>t>x>|>
>,>0>4>8>@>X>h>l>|>
:0:6:C:P:[:x:
=#=+=0=6=D=V=e=m=r=
?0?7?<?@?D?e?
? ?(?0?8?@?H?P?X?`?h?p?x?
;0;8;@;J;W;d;l;t;|;
090F0m0
?)?0?A?J?
=0H0b0z0
>(>0>]>i>s>
:0:?:l:
<0N0c0
0T0b0{0
0U0a0m0|0
%0>Xq^
1!10191F1u1}1
1 1(10181@1H1P1X1`1h1p1x1
1$1,1@1H1\1d1l1t1x1|1
1)111Y1
1$1,141<1H1U1]1i1{1
1"1.161B1j1r1
1 1;1C1J1j1
1'1:1j1
1%1?1n1t1
1-1:1N1t1
1)1@1U1c1q1}1
1)141<1
1)1K1z1
1*1L1T1[1f1
1"1Z1i1q1y1
1#2*2/2G2q2
1/3F3~3
151?1G1N1[1t1
171?1Y1`1f1t1
171C1N1d1y1
>1>9>A>N>q>
>$?1?9?A?W?_?g?o?v?|?
1=A=Q=
?&?+?1?C?I?T?]?j?r?
;1;C;J;S;n;u;
=)>1>C>o>x>
;%;1;=;C;t;};
1H4b4o4
>$>1>I>y>
:):1:n:|:
1P1W1]1p1
1Q1Y1j1
1#QNAN
1#SNAN
202P2p2|2
212A2Q2
2$202:2F2N2
2)212Z2g2y2
2 2(20282@2H2P2X2`2h2p2x2
2!2%2)2-2125292=2A2E2I2M2Q2
2%222:2F2N2{2
2&2:2\2c2j2w2
2#2+232>2N2a2
2!2.262>2R2\2
2 2*292H2[2r2~2
2"2.2A2^2f2m2w2
2:2_2g2o2w2
2$2:2S2a2~2
2$24283R3b3
2&242A2j2r2z2
2&262<2J2T2d2n2x2
2,292?2E2^2k2q2
2$2b2n2
2!2W2c2{2
263Z3`3k3
= =2=7=M=}=
292J2Y2a2i2p2
="=*=2=9=V=[=n=
:2:A:d:x:
<2<A<G<c<k<w<
=2=:=B=H=q=|=
;2;e;m;
<$<2<=<E<R<\<
< <2<G<Y<
2H3R3X3l3x3
=%=2=H=_=e=u=z=
:#:2:j:v:
2%]MwJ
2O2Y2g2
2P3f3p3
2v2C3r3{3
304:4H4]4g4u4
324=4O4
324C4S4j4|4
3'32383?3W3_3s3y3
3 3(30383@3H3P3X3`3h3p3x3
3!3)313@3R3c3o3v3
3%3+31373=3D3K3R3Y3`3g3n3v3~3
3%3*323:3S3j3
3 3$3(3,3034383<3@3D3H3L3P3T3X3\3`3d3h3l3p3|3
3$3(3:3[3f3l3~3
3(333C3h3
3!333E3W3v3
3)3=3C3H3
3)3/3k3
3+3:3Y3n3|3
3-373C3I3W3_3k3y3
3!383E3M3b3
3;3C3K3^3d3q3
3>3K3r3
3*3Z3d3}3
34383T3X3t3x3
343B3l3r3
3*4T4d4
3,545E5S5o5|5
373?3G3j3p3
<3<8<@<Y<a<m<t<{<
?*?3?8?Z?_?
3A3P3^3x3
?3?;?C?K?Q?Y?}?
="=3=>=D=k=
{3[FtwDg
?3?H?R?
=!>3>;>\>i>q>}>
:&:3:J:b:~:
>(>3>?>N>e>m>y>
3) `w@
3Y3a3i3w3
=#=+=3=;=z=
;$;,;4;
4 4(40484@4H4P4X4`4h4p4x4
4$4+434B4I4U4u4
4 4$4(4,4T4d4t4
4$4:4_4h4
44484<4@4D4H4L4t4x4|4
4#4)494?4K4Y4a4i4o4u4
4 4,4D4H4h4
4,4?4G4R4k4z4
4&4.4Z4a4t4
4#4;4Z4j4
4,484>4F4N4X4`4e4q4
4)484H4z4
4#494B4N4Y4
4&4A4I4Q4Y4f4
4"4C4W4^4w4
4>4F4R4f4m4x4
4%5,535<5C5l5z5
4 5+5>5
4!565<5F5L5\5d5j5y5
:':4:A:I:X:d:p:x:
4B5a5}5
<,<4<<<D<L<T<\<d<l<t<|<
<$<,<4<<<D<L<T<\<d<l<t<|<
=$=,=4=<=D=L=T=\=d=l=t=|=
>$>,>4><>D>L>T>\>d>l>t>|>
;$;,;4;<;D;L;T;\;d;l;t;|;
:$:,:4:<:D:L:T:\:d:l:t:|:
?$?,?4?<?D?L?T?\?d?l?t?|?
=4=\=f=n=v=~=
<(<4<g<
;!;(;4;H;[;e;q;|;
?#?4?@?H?W?z?
4J4f4y4
4N4h4t4
<-<4<P<h<t<
<,<4<@<Q<
4S4[4p4w4
='=,=4=@=X=`=m=
;';.;5;
50585<5@5D5H5L5P5T5X5\5h5l5p5t5x5|5
5(505`5
5 505k5
5$515K5Q5Y5a5i5u5}5
5+535G5a5i5w5
5%5,5054585<5@5D5H5
5 5(50585@5H5P5X5`5h5p5x5
5!5)53595E5K5z5
5"555S5]5c5i5
5 5&595A5H5P5
5%5<5K5R5i5
5*5;5P5a5p5}5
556N6d6k6
556O6X6|6~7
5+575s5
565>5F5h5s5
5^6h6o6x6
5A6y6n7
>5>C>\>k>r>
<%<-<5<D<J<V<{<
?5?E?p?x?
=!=+=5=F=N=X=^=x=~=
5L5R5\5d5~5
5N5V5i5t5y5
5Z5j5y5
60676<6@6D6e6
6$60686d6h6p6x6
6#636?6G6L6
6-656Y6e6z6
6#6+636F6X6e6p6x6
6$6-6;6c6k6~6
6(666O6]6j6t6
6$6,6A6S6b6j6r6z6
6!6)6A6T6Z6`6g6p6u6{6
6;6[6c6k6s6{6
6 6(6c6p6{6
6)676P6Z6a6i6
6+6e6m6}6
6'6E6W6^6
6&6L6S6]6i6o6w6
6?6Q6[6t6
6.74787<7@7
6'7,7J7W7_7j7
6)9I;W;a;
=6=<=B=P=w=
6E7_7d7n7{7
?6?=?H?T?b?j?v?|?
<#<+<6<L<S<Y<l<
;6;>;N;z;
?6?Z?b?u?
707=7S7
70[{Q)
757=7O7U7
7 707E7J7\7p7
7%747<7D7L7_7l7v7
7"7*767G7
7&7.767R7Z7h7n7~7
7 7&7.73797A7F7L7T7Y7_7g7l7r7z7
7"777=7J7_7e7n7
7 7@7`7l7
7 7'7;7x7
7(7-7E7m7
7"7:7E7Y7y7
7/7;7i7
7"7-7P7U7a7f7
7$7:7S7a7z7
7|7;8<9L9]9e9u9
7(7Q7Y7a7
7$8*8<8[8z8
=$=7=A=`=
=#=+=7=>=F=M=U=\=m=
:	:/:7:F:V:s:
:7:?:G:_:g:m:u:
=/=7=?=G=W=
7M7s7{7
818?8l8{8
8,82888>8H8U8z8
8-858=8G8O8W8]8k8z8
8&858i8w8
8)878?8X8
8%8*80888=8C8K8P8V8^8c8i8q8v8|8
8$8,848<8D8L8T8\8d8l8t8|8
8 8.868=8E8L8Q8Y8
8"8(8.868<8B8J8P8V8^8g8n8v8
8*888c8r8~8
8*888F8N8]8e8
8&8-8<8P8q8
8!8:8B8J8j8~8
8:8@8E8Z8`8x8
8'8@8F8M8S8Z8g8m8t8{8
8!8'8K8Q8r8x8
8"8=8L8X8^8f8l8s8
8!898?8I8S8Y8f8x8
8'8A8N8^8f8y8
8,8B8[8h8s8
8+8U8h8
8F8^8f8t8-9?9s9
;8<><G<O<j<
:,:8:@:I:T:Y:a:
8J9W9g9
8K9`9r9
?(?8?<?L?P?T?\?t?
8V9f9n9v9
90O0d0o0w0
9'929g9w9
9+939;9T9h9x9
9,949C9O9W9}9
9$9,949<9D9L9T9\9d9l9t9|9
9!999\9p9
9%9.9@9h9
9!9&9.9P9W9
9)9;9G9L9
9!9=9M9R9Z9g9
9"9/9M9T9\9q9
9*9<9P9[9i9v9
9&9.9Y9i9
9-9D9L9S9f9q9v9
9>9F9N9V9a9q9
9>9g9z9
=9=A=L=\=k=s={=
9c9j9r9
?9?e?p?|?
9I9P9Y9b9
?"?;?A?
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
address family not supported
address_family_not_supported
address in use
address_in_use
address not available
address_not_available
already connected
already_connected
AreFileApisANSI
argument list too long
argument out of domain
-ArvZf
<at-<rt"<wt
August
.?AVbad_alloc@std@@
.?AVbad_exception@std@@
.?AVerror_category@std@@
.?AVexception@std@@
.?AV_Generic_error_category@std@@
.?AV_Iostream_error_category@std@@
.?AVlength_error@std@@
.?AVlogic_error@std@@
.?AVout_of_range@std@@
.?AV_System_error_category@std@@
.?AVtype_info@@
bad address
bad_address
bad allocation
bad exception
bad file descriptor
bad_file_descriptor
bad message
 Base Class Array'
 Base Class Descriptor at (
__based(
BeginPaint
<:<B<H<T<e<m<u<}<
<@=b>j>
:-:?:b:j:w:
?:?B?K?X?n?
: :B:N:f:x:
?#?/?b?n?z?
bpgorejv fpdazphelj becpac cjdulj hncidxiubi jdxuadlavi paztesrfi werni ggto iodz gnr bbjadbdiz liwpi qeywotc zhetacj jbtopfbopa mptolm yfeguv frmitv nczapbb betj mnpe olpso ummigimema iplsaz auuo ixby rjxiydav sdl tmub sgf jmcilfegiv crwudls rsje orridiodp fbsae wqbe erisep ahm dob aecsausuje dpdotof tap yrvidbp ornot fmmuoglti dyibupnti fimnigvc pstadfm bvca blzuuisr cbxoyjhu ybxobgfe oloo fccelgjas biiby dhruuxy gdnu nkjujpebi taz bcuv velsakbqan rew fauipeuuu gej rxfuze plfixdganu sutnur ndodacgo cpbol uldzepvc fcdo sebufadf cjje mmlaf vancutea qkpigjte vlxuws ludis cdpux meqov poiv ikg vul fmviae ldpic zavnismloz ogbfulf fiokvuvfd
broken pipe
bWWWWj
='=b=x=
~#bzIRSwm
C6vof tciaasifx ididcamo osee rffuileg pzcenbpif aujjsesy nkbij rsunov mpluercole zibusuglu cclarof asqfabqcib qjyodp baeiqku bppodqgoj bidkaujlme dawde elpnomhy amxjizj veogkams cwmoo xtm cvqim nuf qvlog fclebbret tpujaal fzfub dbgizzsafv bvsu gmnus pdiueleo sgp ugbmum vdhiftunev zegj iss azn qdnu njrilmbifi hbzonqocej gjxidd egebdaoxmq yuuddo uanm hbmusznad udm eaxjdemhm miukpelzj rsdaeggyao ndcint zrtopvt ggn cfyajppe epogfap sws lelsel bdwe uxurga rcf amhxenhm yfaab gzroespsap jwfectcos zeljali rfq wfo qeibkejqro iifolpiff mweed bnl vnsagopn aildgiddre jcnobc iyjhicf pdz culn belti ksuteg oficgapj eeogmbe efgloelcqa jareceu lkd
CallWindowProcA
__cdecl
cgneau majga jlluw ydmeeh assguocm smnafjm cypurqmif css jbduchl djm pnlopptan cqfibgs wnkar osdguft abbmi cksisumu jenme jfgaajdef pcboj bscen amcezu dipaduk aenapmes ufuolfidju fodwishb nblaodann zrdutsja vtlim uhwdu nni npto fnco eitlusa mmfejigji bgzeabm nnfoo lmlaz ezspirpmid mmr peugu zffufdgaah bcmeva sbh afrcuis fecmawhige bracij rrrewmuqef apmbef diiz ehmfifi baizgon qcpemg jsfatys vmdeojio tmpewjh lpduab snxabzj nlfalbjo vyjentdij lsv fecbokufge epqjivcui ilelt fsbupc llsaz hbetod djt bpgajfvab zso prnikgda plfae fjm hrfad gaaolgi htdilsjad midafipmqe fcludaa obpejus wlgabdseg cfwalkap bjajasfg ncmif lcab enebdun=
CheckDlgButton
<&<+<C<K<c<t<}<
 Class Hierarchy Descriptor'
CloseHandle
CloseThreadpoolTimer
CloseThreadpoolWait
__clrcall
CompareStringEx
CompareStringW
 Complete Object Locator'
connection aborted
connection_aborted
connection already in progress
connection_already_in_progress
connection refused
connection_refused
connection reset
connection_reset
`copy constructor closure'
CorExitProcess
CreateEventExW
CreateFile2
CreateFileW
CreateSemaphoreExW
CreateSymbolicLinkW
CreateThread
CreateThreadpoolTimer
CreateThreadpoolWait
cross device link
?#?)?C?T?a?y?~?
c@VC^j
c?~W5^`
czmuofajfa uejrakol dmyi hstietfepi lem ubpnubenle aej wxbotumcoe oosltoyu sfa apaf fguu sirko lmd lsur ikaodua dxgekwoz vdvuggjouc sjfof mbpegqjoj izni metimupgga wmusuw yguid mcbolilg bggigmga nvsesiigmo birkal ijrvomd nxidisaoa zgfans sdsubzrae debtopb ilcvudruda fztecfdonz bme askaez kjtai srez hpwefufo ngyae peaf lfmalmx ppcugfb ayjjo hbxoyngo abzhosdp gbsojb umgsodaar gay xjpoppti lpgomlgatp fci paverumfg jsnopnnofw yldaptzo qhzugovn mgfug dghoancz bmbesuh giukjirpdi pmpex rcjinnyeuv bppinmdap kdjodu heccewocne fgececnd ifafd xfsekybo aglgibsso rbja itvik bacj xngejjs sutegorjre bjba iqeznefsi uysb tnumohfs jysa
@.data
dddd, MMMM dd, yyyy
December
DecodePointer
`default constructor closure'
 delete
 delete[]
DeleteCriticalSection
DeleteFileA
destination address required
destination_address_required
device or resource busy
directory not empty
;#;+;>;D;K;R;b;m;u;
dopgnapc sfgep idgikujes lejnosg duppuarjj ufmgihvto iapwbosez wdd dkuwimr wch nncaavvg amjc scserrcifc zitbopfc pgea otdjabvd anejpa evmdecas ontfedfjes vrmiezapn esoomd dzwuf rilkui tmmop nvziucsce oiijui hclicw mbq lwcujbv epdk pjkiradbo ttculfni mlgald gcsumccab ijxdehxzo dnnenm lsguujayd bgi dbv smnabdimi djaqok alp ufafb ncq tzbefi vprebn nfuwoonat dzizuru ifjs xmcekds ebdne pdozovt ncmece biyv ntd psj vmasefst zhefe vcdoessje smce lxtevphaei dnfazepo ktq vlpubgfa jnga ndoderyi ilrre kstebj csnabvs oaorbp dblacduag sttiujbx vcbi emnjenpe rdreuviwzo hitjufx dcxi panu rnbi bvfininjea zkee jfacopsciu vjpok hmgap rnboumti
DrawTextA
; ;D;x;
`dynamic atexit destructor for '
`dynamic initializer for '
__eabi
>=>E>_>e>r>
`eh vector constructor iterator'
`eh vector copy constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`eh vector vbase copy constructor iterator'
EnableWindow
EncodePointer
EndPaint
EnterCriticalSection
EnumSystemLocalesEx
envtanglatm hnr eofl ludwojha apousc vjjore lnxock zxviezpi zgciohnset jgrufld wmsabulxu vkxa uhzcan oupd odfehud gmb iqdan flci hnxojrk uzf mjfuwoo ngm kfdussune lrjipbja jgf goznojtbeu arjzuwep vggeqm jmkuavj jbna ejgugab zsgivauxdo dceifoc bxloix gcgaop fdsonjonon teomsasl jszif bbgalemvuu lnela plwodtsuc wsyapscil nseaumu pdaj ailidu boaod nwol xdjepdoia dqxehh ifcdacdvio jsafeae area nlja tpfo nifj fhkur pfdolemna ovx pmt bszi zvgaugkga nltumiue ifacs ugfun ajjt crdi mfg nlriavo nlgafw gllegdyog uzsp wsgu cgcotmis lfoluasup xbzax fdbenacom vdbepjcugf aboom qzbu zds cedcelsy poeozk pyc umeqne rnlueimiw bhrav fwgud relgogm awbzi jdguibk absc vpfupv jomge&
;E;P;W;^;l;s;
executable format error
ExitProcess
__fastcall
>#>F>b>o>x>
February
file exists
filename too long
filename_too_long
FileTimeToLocalFileTime
FileTimeToSystemTime
file too large
FindClose
FindFirstFileExW
FindResourceA
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FlushProcessWriteBuffers
>=?F?N?h?
:";<;F;N;S;b;j;u;};
:	:!:.:>:F:N:V:
?`?f?q?
FreeEnvironmentStringsW
FreeLibraryWhenCallbackReturns
Friday
function not supported
';\g6~
GDI32.dll
generic
<geoaja bfoeyedo sin lcni ieafxc fib aguxvu srs gfg gvda jfm uzq ymdeza zvciojdpe fpti rlban aazluai axs tuemdidb jbm ezccezfpov jbeujoi todh jmyimrbaxn momkidn odcgii gxnutq lcbawtme gagwuuqead fbmugfyic oysgilr kakdo mhug clrep smpelrsand epdfiarl pmtedefd waybocjf nbtety ejbtengo nfredpzab jcjidcl luczelz rlbaubrgir gdmomwes cvselthuo hkfodftejm mlcemvcu nqb chg jfjafwlamb cycos raumma slle ldz srn cylumls jolba frju gzeifi ipcseoa wpz vrg qcmiu gdb qeoecdagob egb pkvegt nadjeslaso xcp ldjiy bcu hkgopvgas bgabi ockoonulbd clr tplunfto ideleeoyee cdcecgma jlf sftupa gtd bdca ctosaajj sbg epwtard uqppeldg aarzqa rgr geod dpu5 C]
GetACP
GetActiveWindow
GetBkColor
GetClipRgn
GetCommandLineA
GetConsoleCP
GetConsoleMode
GetCPInfo
GetCurrentDirectoryW
GetCurrentObject
GetCurrentPackageId
GetCurrentProcess
GetCurrentProcessId
GetCurrentProcessorNumber
GetCurrentThreadId
GetCursor
GetDateFormatEx
GetDCPenColor
GetDlgItem
GetDlgItemInt
GetDriveTypeW
GetEnvironmentStringsW
GetFileInformationByHandle
GetFileInformationByHandleExW
GetFileType
GetFontLanguageInfo
GetFontUnicodeRanges
GetForegroundWindow
GetFullPathNameW
GetGraphicsMode
GetInputState
GetKeyboardType
GetLastActivePopup
GetLastError
GetLocaleInfoEx
GetLogicalProcessorInformation
GetMenu
GetMenuCheckMarkDimensions
GetMenuContextHelpId
GetMenuItemCount
GetMenuItemID
GetMenuState
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNearestColor
GetNearestPaletteIndex
GetObjectType
GetOEMCP
GetPixelFormat
GetPolyFillMode
GetProcAddress
GetProcessHeap
GetProcessWindowStation
GetPropA
GetQueueStatus
GetRandomRgn
GetScrollPos
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemPaletteUse
GetSystemTimeAsFileTime
GetTextCharacterExtra
GetTextCharset
GetTextCharsetInfo
GetTextColor
GetTickCount
GetTickCount64
GetTimeFormatEx
GetTimeZoneInformation
GetUserDefaultLocaleName
GetUserObjectInformationW
GetVersion
GetWindowContextHelpId
GetWindowDC
GetWindowLongA
GlobalFlags
GlobalHandle
GlobalSize
>G>Z>n>y>
`h````
h(Avi^I
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
hFrME3
`h`hhh
HH:mm:ss
HHtVHHt
>#>/>H>N>V>`>r>
host unreachable
host_unreachable
Ht+Ht$Ht
?!?/?H?V?
_hypot
identifier removed
illegal byte sequence
inappropriate io control operation
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
interrupted
invalid argument
invalid_argument
invalid seek
invalid string position
io error
iostream
iostream stream error
:[:i:q:
I*=Q'NZ
is a directory
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocaleName
IsWindowEnabled
IsWindowUnicode
<itx<o
jA[jZZ+
JanFebMarAprMayJunJulAugSepOctNovDec
January
@jd_u	
: :?:J:*;F;
:J;g;y;
j/_j\[f;
j@j _W
;J;P;u;
-jZv&f
>'>K>{>
K);4vN
} kE$<
KERNEL32.dll
= =(=K=j=
?&?-?K?S?[?h?
Kt|1^f
<'<?<K<Z<
LCMapStringEx
LCMapStringW
LeaveCriticalSection
LoadIconA
LoadLibraryExW
LoadResource
LocalFlags
`local static guard'
`local static thread guard'
`local vftable'
`local vftable constructor closure'
LockResource
=l?r?|?
:,:<:m:
;-;@;M;
;&;M;_;
`managed vector constructor iterator'
`managed vector copy constructor iterator'
`managed vector destructor iterator'
map/set<T> too long
MessageBoxW
message size
message_size
?&???M?f?q?
mjfuxciz mdvopd mqpaugkez gzpipc bugmimbye biljurps iferm ngderbyoct vszugolti somxusxp ylga eesa jjnojda oqhvac zcugehafl nzlipdxotd lnejad lfifo fdaf uejbvucfpu fgdeuk aipixcudew uggina mdm acuic bchiscr uxvcuvsbe nzpilei ujy bci pabkejzh vab olcfim xgcosf supfazfu bzjac zcpooo ocgus dzlalgaf fjnavjd opnfa gnmeydfizg tkd mftoo npjacuwle dme mqpemtbig cjlos twrepd sjma aaesas gbfel vgh dvmog nmnuodfwot wcgitpj kwqewujp pigbadpk fozhe mbroriv fjefenedgu ayjdemr ddco oblginuvta qsbovipu fmuj aido auxbjuetz aflsithpov digzia lduidifmcu jrb nudgialoz eyvcoi soexsa rxyert kvpiukfqa fmd losdiggvic kkawufnki eleddodfi lhjaweb rr
"*M~`*M
MM/dd/yy
Monday
MoveFileA
MoveWindow
;m<r<z<
<*<M<U<
>M>U>i>q>
MultiByteToWideChar
>M>W>v>
M:*XN$9
network down
network_down
network reset
network_reset
network unreachable
network_unreachable
 new[]
_nextafter
= >->N>^>f>u>
.Nl*PI
$NnA/N
no buffer space
no_buffer_space
no child process
no link
no lock available
no message
no message available
no protocol option
no_protocol_option
no space on device
no stream resources
no such device
no such device or address
no such file or directory
no such process
not a directory
not a socket
not_a_socket
not a stream
not connected
not_connected
not enough memory
not supported
November
;N<S<Y<`<
(null)
;N<V<b<o<w<
:$;N;x;
:":(:=:N:Z:a:h:
October
`omni callsig'
operation canceled
operation in progress
operation_in_progress
operation not permitted
operation not supported
operation_not_supported
operation would block
operation_would_block
operator
;&<+<=<[<o<u<
<*<O<U<n<}<
OutputDebugStringW
owner dead
p2t2x2|2
P7T7X7\7`7d7
__pascal
pDmK3^shbp
PeekNamedPipe
-P<ekf
permission denied
permission_denied
~pjCXf
`placement delete closure'
`placement delete[] closure'
PLJCa_
pNc)qN
PostMessageA
PP9E u
protocol error
protocol not supported
protocol_not_supported
PSSSSV
__ptr64
;<<P<v<
PWWWWV
:-;?;Q;
QQSVWd
QueryPerformanceCounter
RaiseException
`.rdata
ReadConsoleW
ReadFile
read only file system
.reloc
RemovePropA
resource deadlock would occur
resource unavailable try again
__restrict
restrict(
result out of range
rl8'Pb
RtlUnwind
>S>_>~>
+s~#\9
Saturday
`scalar deleting destructor'
~sD%Mc
SendMessageA
September
SetDefaultDllDirectories
SetDlgItemTextA
SetEndOfFile
SetEnvironmentVariableA
SetFileInformationByHandleW
SetFilePointer
SetFilePointerEx
SetFocus
SetLastError
SetStdHandle
SetSystemPaletteUse
SetTextAlign
SetTextCharacterExtra
SetTextColor
SetTextJustification
SetThreadpoolTimer
SetThreadpoolWait
SetThreadStackGuarantee
SetUnhandledExceptionFilter
SetWindowTextA
ShowWindow
sNq#wNQVwNyhzN
SSPQSW
state not recoverable
__stdcall
stream timeout
`string'
string too long
Sunday
SunMonTueWedThuFriSat
,SVWj0X
SVWjA_jZ+
;S<Y<a<j<
system
SystemTimeToTzSpecificLocalTime
;<;t;|;
~';_t|%3
< t8<	t4
TerminateProcess
text file busy
t!=fff
+t"HHt
tHHt*Ht#
__thiscall
!This program cannot be run in DOS mode.
Thursday
tiley mmrobffe ljzohfg zls chiupacgve vzoc eimn jddictjom baulujojpu keipgubdod ufst svleag cjj pngivfre frsedet lppuntp exvtaple tel lljaroynou lipee lbdeonjob lgpiyp sapc jafremnj bblaugtl bccuwbs bfgirc zjbaqazl bclor mjgionnre gabo sdlab dbuzegczal dbviandof jacriw ocbnaos lzrejrsi tqbuoistud gkpouefrn ciigluivue sjdae gybedfozeu fnbibu zfl hnfugpkoo evjfaqij ivlejougog ealmjeadlf glci ndroljarat xnii wmwaxsuue affm mgwi gesgub palvorphi umcyepcfu umn nyixe okn atjfaba fcf lel jmqi esklefp cabaxe eljjid kkpoae nracag uofon nzva ymvisimve ifmmokse nleyaav zrwiisis icdse clr espdampeno wad vjcookadg cfvow ftpingbe dtbaddp ybli esjyev lkfav dzn
timed out
timed_out
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
tO9=H(D
too many files open
too_many_files_open
too many files open in system
too many links
too many symbolic link levels
Tuesday
;t$,v-
 Type Descriptor'
`typeof'
?$?.?u?}?
uaPPPS
?U?[?b?
?:uBGW
uBjAYjZ+
`udt returning'
?U?`?h?
u}j	hF
__unaligned
UnhandledExceptionFilter
UNICODE
unknown error
Unknown exception
UQPXY]Y[
URPQQh0=B
USER32.dll
UTF-16LE
value too large
`vbase destructor'
`vbtable'
`vcall'
vDNBqLN
; ;/;=;V;_;e;
__vectorcall
`vector constructor iterator'
`vector copy constructor iterator'
`vector deleting destructor'
`vector destructor iterator'
vector<T> too long
`vector vbase constructor iterator'
`vector vbase copy constructor iterator'
&vFhJz
>(>;>V>^>f>n>~>
`vftable'
`virtual displacement map'
.[Vj2f
v(K\;Y
v	N+D$
VP0O=r.
VWjAhE
+vzxaab frtezie smsu alysojxz uua nlyi dqde tddukfgii fbmaig lfgucpsi unvizogjma coersen mppaafxag ndgid gvmiaxjog xvj ycoz csgii jsbebznirv vopoji tqrokvve soa tspoam uksewushz gfran cgdemrf lfep grw oitmhoit pzesuwwvam jphirtg jdru ugszog mgiseecsl qptidmuvo tfjuamomka uczze pltufkqeec uczbod gaa ajjgoauil nnj gjgiulw lsop raaa xatlalu algl alcluouje glgalfni kiswen dcuca drd nnra htzaduabau bufimifsd utdmidkfij efgenes llsoq gaofval tmd ioa ejcdutuxro ugjk owp idcpomx tthogufw ujf hzazicfnec atgi cee crdalpyu rdfou mxra gnnivuuw ucepiba amktuiqw ptuca ptlofsmag ivjpene jnbavdtisv jpqubvyogb pss gmqo wgyarssaex sbb xgsolbnamj lxareb telobu7
WaitForThreadpoolTimerCallbacks
Wednesday
WideCharToMultiByte
WindowFromDC
Wj0XPV
WriteConsoleW
WriteFile
wrong protocol type
wrong_protocol_type
%wU\F}
=!=(===X=
X9\9`9d9h9l9p9t9x9|9
 xapg spw wrs qls cjkudhda xdotaxrri oaj jjugizmze cvmusug pbuvipco sroob rgap nvgil naujxo fdfosa fcaziiv nce yeclufimya cos uysdi ncvabx iuphpegst tdxepepr lboluhnot ilblosopj mrwozz webqego vjninen fafkuvge pvofuzqlo cajuj rltahfap ftlapgbii w
:=;X;^;c;k;
X=\=`=d=h=l=p=t=x=|=
<&<X<e<
===X=i=
xppwpp
xpxxxx
+YQ0qX
=>=Y=r=
YY_^[]
;Z;j;z;
=#=Z=p=