Analysis | #totalhash

Analysis Date	2014-11-25 10:38:21
MD5	c8618e21b30616bdf3fc3079944289c3
SHA1	52cc72dfacc51535752e35922f8a5204e37fe4aa

Static Details:

File type	PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section	.text md5: 470b016898297449bd82d252a2698e82 sha1: 01951ae804aa2d609c235def0dbedffd4f1202f2 size: 669696
Section	.rdata md5: 7e69b33b49548061e78e96888c9378b8 sha1: df825fa33754799ebfb298deddd13dbd5b83f219 size: 54272
Section	.data md5: fa028c70b0e664ec71c3973b2fb6c8a7 sha1: 73f722c558d309cbb5e9be6f23b91fa4fb463933 size: 125440
Timestamp	2014-04-15 22:50:09
Packer	Microsoft Visual C++ ?.?
PEhash	da029e847438d57f9ffa695d9a6775caf1c29898
IMPhash	bdb15ed6d2b88e5be5695138b2deec72
AV	360 Safe	Gen:Variant.Sirefef.121
AV	Ad-Aware	Gen:Variant.Sirefef.121
AV	Alwil (avast)	Kryptik-NST [Trj]
AV	Arcabit (arcavir)	no_virus
AV	Authentium	W32/Symmi.AH.gen!Eldorado
AV	Avira (antivir)	TR/Crypt.ZPACK.Gen2
AV	BullGuard	Gen:Variant.Sirefef.121
AV	CA (E-Trust Ino)	no_virus
AV	CAT (quickheal)	no_virus
AV	ClamAV	no_virus
AV	Dr. Web	no_virus
AV	Emsisoft	Gen:Variant.Sirefef.121
AV	Eset (nod32)	Win32/Kryptik.BQWI
AV	Fortinet	W32/COMROKI.A!tr
AV	Frisk (f-prot)	no_virus
AV	F-Secure	Gen:Variant.Sirefef.121
AV	Grisoft (avg)	Win32/Cryptor
AV	Ikarus	Virus.Win32.Cryptor
AV	K7	no_virus
AV	Kaspersky	Trojan.Win32.Generic:Trojan.Win32.PEF.pf.silent.175154:Trojan.Win32.PEF.pf.silent.181830:Trojan.Win32.PEF.pf.silent.374886:Trojan.Win32.PEF.pf.silent.375904:Trojan.Win32.PEF.pf.silent.376942:Trojan.Win32.PEF.pf.silent.377697:Trojan.Win32.PEF.pf.silent.378515:Trojan.Win32.PEF.pf.silent.379237:Trojan.Win32.PEF.pf.silent.380145:Trojan.Win32.PEF.pf.silent.380997:Trojan.Win32.PEF.pf.silent.411370:Trojan.Win32.PEF.pf.silent.416452:Trojan.Win32.PEF.pf.silent.432299:Trojan.Win32.PEF.pf.silent.432810:Trojan.Win32.PEF.pf.silent.445825:Trojan.Win32.PEF.pf.silent.454569:Trojan.Win32.PEF.pf.silent.456542:Trojan.Win32.PEF.pf.silent.479305:Trojan.Win32.PEF.pf.silent.479181
AV	MalwareBytes	no_virus
AV	Mcafee	no_virus
AV	Microsoft Security Essentials	TrojanSpy:Win32/Nivdort.Y
AV	MicroWorld (escan)	Gen:Variant.Sirefef.121
AV	Rising	no_virus
AV	Sophos	no_virus
AV	Symantec	no_virus
AV	Trend Micro	TSPY_NIVDORT.SM
AV	VirusBlokAda (vba32)	no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates File	C:\WINDOWS\system32\jnzwkcikckrhh\tst
Creates File	C:\Documents and Settings\Administrator\Local Settings\Temp\bzfvvalz1m1uatuzi1afliv.exe
Creates Process	C:\Documents and Settings\Administrator\Local Settings\Temp\bzfvvalz1m1uatuzi1afliv.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\bzfvvalz1m1uatuzi1afliv.exe

Registry	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Discovery Biometric Workstation ➝ C:\WINDOWS\system32\sljsilnlb.exe
Creates File	C:\WINDOWS\system32\jnzwkcikckrhh\lck
Creates File	C:\WINDOWS\system32\drivers\etc\hosts
Creates File	C:\WINDOWS\system32\sljsilnlb.exe
Creates File	C:\WINDOWS\system32\jnzwkcikckrhh\etc
Creates File	C:\WINDOWS\system32\jnzwkcikckrhh\tst
Deletes File	C:\WINDOWS\system32\\drivers\etc\hosts
Creates Process	C:\WINDOWS\system32\sljsilnlb.exe
Creates Service	Services Play AutoConnect Support - C:\WINDOWS\system32\sljsilnlb.exe

Process
↳ Pid 796

Process
↳ Pid 848

Process
↳ C:\WINDOWS\System32\svchost.exe

Registry	HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM\List of event-active namespaces ➝ NULL
Creates File	PIPE\lsarpc
Creates File	C:\WINDOWS\system32\WBEM\Repository\$WinMgmt.CFG
Creates File	C:\WINDOWS\system32\WBEM\Logs\wbemess.log

Process
↳ Pid 1108

Process
↳ Pid 1204

Process
↳ C:\WINDOWS\system32\spoolsv.exe

Registry	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝ NULL
Registry	HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝ 7
Registry	HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝ NULL
Registry	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝ C:\WINDOWS\System32\spool\PRINTERS\\x00
Creates File	WMIDataDevice

Process
↳ Pid 1132

Process
↳ C:\WINDOWS\system32\sljsilnlb.exe

Registry	HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\FirewallDisableNotify ➝ 1
Creates File	C:\WINDOWS\system32\jnzwkcikckrhh\rng
Creates File	C:\WINDOWS\system32\jnzwkcikckrhh\lck
Creates File	pipe\net\NtControlPipe10
Creates File	C:\WINDOWS\system32\jnzwkcikckrhh\cfg
Creates File	C:\WINDOWS\system32\fcfkdkhonsf.exe
Creates File	C:\WINDOWS\system32\jnzwkcikckrhh\run
Creates File	C:\WINDOWS\TEMP\bzfvvalz1sf0atu.exe
Creates File	\Device\Afd\Endpoint
Creates File	C:\WINDOWS\system32\jnzwkcikckrhh\tst
Creates Process	C:\WINDOWS\TEMP\bzfvvalz1sf0atu.exe -r 36052 tcp
Creates Process	WATCHDOGPROC "c:\windows\system32\sljsilnlb.exe"

Process
↳ C:\WINDOWS\system32\sljsilnlb.exe

Creates File	C:\WINDOWS\system32\jnzwkcikckrhh\tst

Process
↳ WATCHDOGPROC "c:\windows\system32\sljsilnlb.exe"

Creates File	C:\WINDOWS\system32\jnzwkcikckrhh\tst

Process
↳ C:\WINDOWS\TEMP\bzfvvalz1sf0atu.exe -r 36052 tcp

Creates File	\Device\Afd\Endpoint
Winsock DNS	239.255.255.250

Network Details:

DNS	stickmarch.net Type: A 69.195.129.70
DNS	tablefruit.net Type: A 69.195.129.70
DNS	mightglossary.net Type: A 208.91.197.241
DNS	requireneither.net Type: A 208.91.197.241
DNS	gentlefriend.net Type: A 208.91.197.241
DNS	glasshealth.net Type: A 208.91.197.241
DNS	rememberpaint.net Type: A 208.91.197.241
DNS	throughcountry.net Type: A 208.91.197.241
DNS	wishhave.net Type: A 82.165.203.55
DNS	deadhold.net Type: A 184.168.221.40
DNS	rockhold.net Type: A 72.52.4.119
DNS	hairthere.net Type: A 8.5.1.10
DNS	humanstone.net Type: A 203.246.167.237
DNS	musicarms.net Type: A 106.186.30.76
DNS	musicstone.net Type: A 199.59.243.119
DNS	musicstone.net Type: A 199.59.243.120
DNS	musicstone.net Type: A 199.59.243.121
DNS	musicstone.net Type: A 199.59.243.117
DNS	musicstone.net Type: A 199.59.243.118
DNS	offerstone.net Type: A 208.91.197.27
DNS	frontside.net Type: A 195.128.175.11
DNS	necessarydress.net Type: A
DNS	littleappear.net Type: A
DNS	wenthave.net Type: A
DNS	spendhave.net Type: A
DNS	fronthold.net Type: A
DNS	offerhold.net Type: A
DNS	frontsecond.net Type: A
DNS	offersecond.net Type: A
DNS	frontocean.net Type: A
DNS	offerocean.net Type: A
DNS	fronthave.net Type: A
DNS	offerhave.net Type: A
DNS	hanghold.net Type: A
DNS	septemberhold.net Type: A
DNS	hangsecond.net Type: A
DNS	septembersecond.net Type: A
DNS	hangocean.net Type: A
DNS	septemberocean.net Type: A
DNS	hanghave.net Type: A
DNS	septemberhave.net Type: A
DNS	joinhold.net Type: A
DNS	wishhold.net Type: A
DNS	joinsecond.net Type: A
DNS	wishsecond.net Type: A
DNS	joinocean.net Type: A
DNS	wishocean.net Type: A
DNS	joinhave.net Type: A
DNS	deadsecond.net Type: A
DNS	rocksecond.net Type: A
DNS	deadocean.net Type: A
DNS	rockocean.net Type: A
DNS	deadhave.net Type: A
DNS	rockhave.net Type: A
DNS	wronghold.net Type: A
DNS	madehold.net Type: A
DNS	wrongsecond.net Type: A
DNS	madesecond.net Type: A
DNS	wrongocean.net Type: A
DNS	madeocean.net Type: A
DNS	wronghave.net Type: A
DNS	madehave.net Type: A
DNS	humanthere.net Type: A
DNS	humanarms.net Type: A
DNS	hairarms.net Type: A
DNS	hairstone.net Type: A
DNS	humanside.net Type: A
DNS	hairside.net Type: A
DNS	yardthere.net Type: A
DNS	musicthere.net Type: A
DNS	yardarms.net Type: A
DNS	yardstone.net Type: A
DNS	yardside.net Type: A
DNS	musicside.net Type: A
DNS	wentthere.net Type: A
DNS	spendthere.net Type: A
DNS	wentarms.net Type: A
DNS	spendarms.net Type: A
DNS	wentstone.net Type: A
DNS	spendstone.net Type: A
DNS	wentside.net Type: A
DNS	spendside.net Type: A
DNS	frontthere.net Type: A
DNS	offerthere.net Type: A
DNS	frontarms.net Type: A
DNS	offerarms.net Type: A
DNS	frontstone.net Type: A
DNS	offerside.net Type: A
HTTP GET	http://stickmarch.net/forum/search.php?method=validate&mode=sox&v=028&sox=3c4d3e00 User-Agent:
HTTP GET	http://tablefruit.net/forum/search.php?method=validate&mode=sox&v=028&sox=3c4d3e00 User-Agent:
HTTP GET	http://mightglossary.net/forum/search.php?method=validate&mode=sox&v=028&sox=3c4d3e00 User-Agent:
HTTP GET	http://requireneither.net/forum/search.php?method=validate&mode=sox&v=028&sox=3c4d3e00 User-Agent:
HTTP GET	http://gentlefriend.net/forum/search.php?method=validate&mode=sox&v=028&sox=3c4d3e00 User-Agent:
HTTP GET	http://glasshealth.net/forum/search.php?method=validate&mode=sox&v=028&sox=3c4d3e00 User-Agent:
HTTP GET	http://rememberpaint.net/forum/search.php?method=validate&mode=sox&v=028&sox=3c4d3e00 User-Agent:
HTTP GET	http://throughcountry.net/forum/search.php?method=validate&mode=sox&v=028&sox=3c4d3e00 User-Agent:
HTTP GET	http://wishhave.net/forum/search.php?method=validate&mode=sox&v=028&sox=3c4d3e00 User-Agent:
HTTP GET	http://deadhold.net/forum/search.php?method=validate&mode=sox&v=028&sox=3c4d3e00 User-Agent:
HTTP GET	http://rockhold.net/forum/search.php?method=validate&mode=sox&v=028&sox=3c4d3e00 User-Agent:
HTTP GET	http://hairthere.net/forum/search.php?method=validate&mode=sox&v=028&sox=3c4d3e00 User-Agent:
HTTP GET	http://humanstone.net/forum/search.php?method=validate&mode=sox&v=028&sox=3c4d3e00 User-Agent:
HTTP GET	http://musicarms.net/forum/search.php?method=validate&mode=sox&v=028&sox=3c4d3e00 User-Agent:
HTTP GET	http://musicstone.net/forum/search.php?method=validate&mode=sox&v=028&sox=3c4d3e00 User-Agent:
HTTP GET	http://offerstone.net/forum/search.php?method=validate&mode=sox&v=028&sox=3c4d3e00 User-Agent:
HTTP GET	http://frontside.net/forum/search.php?method=validate&mode=sox&v=028&sox=3c4d3e00 User-Agent:
Flows TCP	192.168.1.1:1036 ➝ 69.195.129.70:80
Flows TCP	192.168.1.1:1037 ➝ 69.195.129.70:80
Flows TCP	192.168.1.1:1038 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1039 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1040 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1041 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1043 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1044 ➝ 208.91.197.241:80
Flows TCP	192.168.1.1:1045 ➝ 82.165.203.55:80
Flows TCP	192.168.1.1:1046 ➝ 184.168.221.40:80
Flows TCP	192.168.1.1:1047 ➝ 72.52.4.119:80
Flows TCP	192.168.1.1:1048 ➝ 8.5.1.10:80
Flows TCP	192.168.1.1:1049 ➝ 203.246.167.237:80
Flows TCP	192.168.1.1:1050 ➝ 106.186.30.76:80
Flows TCP	192.168.1.1:1051 ➝ 199.59.243.119:80
Flows TCP	192.168.1.1:1052 ➝ 208.91.197.27:80
Flows TCP	192.168.1.1:1053 ➝ 195.128.175.11:80

Raw Pcap

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303238 26736f78 3d336334 64336530   =028&sox=3c4d3e0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207374 69636b6d 61726368 2e6e6574   : stickmarch.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303238 26736f78 3d336334 64336530   =028&sox=3c4d3e0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207461 626c6566 72756974 2e6e6574   : tablefruit.net
0x00000080 (00128)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303238 26736f78 3d336334 64336530   =028&sox=3c4d3e0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206d69 67687467 6c6f7373 6172792e   : mightglossary.
0x00000080 (00128)   6e65740d 0a0d0a                       net....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303238 26736f78 3d336334 64336530   =028&sox=3c4d3e0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207265 71756972 656e6569 74686572   : requireneither
0x00000080 (00128)   2e6e6574 0d0a0d0a                     .net....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303238 26736f78 3d336334 64336530   =028&sox=3c4d3e0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206765 6e746c65 66726965 6e642e6e   : gentlefriend.n
0x00000080 (00128)   65740d0a 0d0a0d0a                     et......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303238 26736f78 3d336334 64336530   =028&sox=3c4d3e0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20676c 61737368 65616c74 682e6e65   : glasshealth.ne
0x00000080 (00128)   740d0a0d 0a0a0d0a                     t.......

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303238 26736f78 3d336334 64336530   =028&sox=3c4d3e0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207265 6d656d62 65727061 696e742e   : rememberpaint.
0x00000080 (00128)   6e65740d 0a0d0a0a                     net.....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303238 26736f78 3d336334 64336530   =028&sox=3c4d3e0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207468 726f7567 68636f75 6e747279   : throughcountry
0x00000080 (00128)   2e6e6574 0d0a0d0a                     .net....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303238 26736f78 3d336334 64336530   =028&sox=3c4d3e0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a207769 73686861 76652e6e 65740d0a   : wishhave.net..
0x00000080 (00128)   0d0a6574 0d0a0d0a                     ..et....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303238 26736f78 3d336334 64336530   =028&sox=3c4d3e0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206465 6164686f 6c642e6e 65740d0a   : deadhold.net..
0x00000080 (00128)   0d0a6574 0d0a0d0a                     ..et....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303238 26736f78 3d336334 64336530   =028&sox=3c4d3e0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a20726f 636b686f 6c642e6e 65740d0a   : rockhold.net..
0x00000080 (00128)   0d0a6574 0d0a0d0a                     ..et....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303238 26736f78 3d336334 64336530   =028&sox=3c4d3e0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206861 69727468 6572652e 6e65740d   : hairthere.net.
0x00000080 (00128)   0a0d0a74 0d0a0d0a                     ...t....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303238 26736f78 3d336334 64336530   =028&sox=3c4d3e0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206875 6d616e73 746f6e65 2e6e6574   : humanstone.net
0x00000080 (00128)   0d0a0d0a 0d0a0d0a                     ........

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303238 26736f78 3d336334 64336530   =028&sox=3c4d3e0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206d75 73696361 726d732e 6e65740d   : musicarms.net.
0x00000080 (00128)   0a0d0a0a 0d0a0d0a                     ........

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303238 26736f78 3d336334 64336530   =028&sox=3c4d3e0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206d75 73696373 746f6e65 2e6e6574   : musicstone.net
0x00000080 (00128)   0d0a0d0a 0d0a0d0a                     ........

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303238 26736f78 3d336334 64336530   =028&sox=3c4d3e0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206f66 66657273 746f6e65 2e6e6574   : offerstone.net
0x00000080 (00128)   0d0a0d0a 0d0a0d0a                     ........

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f6d65 74686f64 3d76616c   h.php?method=val
0x00000020 (00032)   69646174 65266d6f 64653d73 6f782676   idate&mode=sox&v
0x00000030 (00048)   3d303238 26736f78 3d336334 64336530   =028&sox=3c4d3e0
0x00000040 (00064)   30204854 54502f31 2e300d0a 41636365   0 HTTP/1.0..Acce
0x00000050 (00080)   70743a20 2a2f2a0d 0a436f6e 6e656374   pt: */*..Connect
0x00000060 (00096)   696f6e3a 20636c6f 73650d0a 486f7374   ion: close..Host
0x00000070 (00112)   3a206672 6f6e7473 6964652e 6e65740d   : frontside.net.
0x00000080 (00128)   0a0d0a0a 0d0a0d0a 20359c01            ........ 5..

Strings

"
 
 ' 
a
\
.%+#I64
.,
 
*
:
:
e
+
%+#.*
%+#.*L
 
\
-_
+%D%A%2A&
h121212
s
......
"1"2d1x
 0
''
S
?
\
.
.
.
.
...
...
............. ..!"!#!$!.%.'(.
*
+,+
-.-/012-3-
[[Z[
 
d2
h2
1
1
x
CicrE3TCdHrrojSvannvnpConErbn2daadr.WFSaOaKiShAsg
 
- 
CC
-E-
-0
-0010+-0
0
-0
00-+ 
.
-e-
. 
.00-+ 
\
00
  :\
:..
.
...........?- 
0
0
0
0
-
.
G.Ff
..
e
..
                                 H
         (((((                  H
         h((((                  H
jjjj
jjjjh
jjjjj
KERNEL32.DLL
mscoree.dll
(null)
                          
\$ _^][
\$$_^[
																		
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
#01/@o
06SB-1
\$095,2K
0A@@Ju
;0N6R5#
0SSSSS
0-"W6<u
\$0WWW
0WWWWW
1'^o]SL
1#QNAN
&_1[`s
1#SNAN
1u0ft-
^2c.f.
:2h>M	p
2<Qy9tXGM
2u}$aa
2Xv\Sg
 _^][3
_3)*	"
~3;NP_
\$4_^[
\$49l$
4a4I@$
	4	D_h
-4!dLnH
4j\WLQ
4q:JA+G
\$<;\$4s
|$4VSRW
"4;=xL
?;4xyZ
5),;0$
=5BAe9
5>ec*U}f
?5.+h4
'/`5'yW
64e775
6dZD(W]U
6GjiNj
!	6WQs
$6x[TH
=7Xn!~
~<~8{.
<8a($A;ZN
8VVVVV
:8W9T)ZBuY
9\$4tO
9\$ ~Aj
9G0thj
9l$<tH
9l$ tXf
^@9n8r
^\9nTr
|$(9^(t
9\$ t_
|$@9\$Ts
9t$<u`
9\$ uf
9\$(uF
9Uo>?j
9\$\vjV
-(9( Wj
A2;kIurP
A`5T 0
A9\$ ~'j
AB;-1M
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
`Ac&]OtJ
Adeque<T> too long
america
american
american english
american-english
An application has made an attempt to load the C runtime library incorrectly.
\$(AQW
<at9<rt,<wt
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
.?AUctype_base@std@@
August
australian
.?AVbad_alloc@std@@
.?AVbad_cast@std@@
.?AVbad_exception@std@@
.?AV?$basic_ios@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ostream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AV?$basic_streambuf@DU?$char_traits@D@std@@@std@@
.?AV?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AV?$ctype@D@std@@
.?AVexception@std@@
.?AVfacet@locale@std@@
.?AVfailure@ios_base@std@@
.?AVios_base@std@@
.?AV?$_Iosb@H@std@@
.?AVlength_error@std@@
.?AV_Locimp@locale@std@@
.?AVlogic_error@std@@
.?AV?$numpunct@D@std@@
.?AV?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
.?AVout_of_range@std@@
.?AVruntime_error@std@@
.?AVtype_info@@
AWS2_32.dll
aW#V>}
$aX8O.
b~8~52y
bad allocation
bad cast
bad exception
!ba,])O
 Base Class Array'
 Base Class Descriptor at (
__based(
BB@2E]
BeginPaint
belgian
B?:HP_p9
[?BoCU
britain
b&Taz+
%#&`C"
canadian
__cdecl
|@Cf&@
>cFY&mKjC	
ch47T./I/
CheckDlgButton
chinese
chinese-hongkong
chinese-simplified
chinese-singapore
chinese-traditional
 Class Hierarchy Descriptor'
CloseHandle
__clrcall
cl	$V:
cmd.exe
C+'	O?
CompareStringA
CompareStringW
 Complete Object Locator'
COMSPEC
CONOUT$
`copy constructor closure'
Copyright (c) 1992-2004 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
CorExitProcess
C PjPV
C$PjQV
C.PjRV
C/PjSV
C*PjTV
C+PjUV
C,PjVV
C-PjWV
CR2&C@
CreateFileA
CreateProcessA
CreateThread
cr:EWX\o
- CRT not initialized
CwOUBGWUuFPL
C/X5Zyv
C)YkVV
D$ ^[_]
D$ ^][
D$,_^][
D$(][_^
D$09\$`
D$0h0u
D$0-K4
D$<0mJ
D$0SUVW
D$|_^[3
D$8$mJ
D$8PPUV
d9\$4t^
d9j._;
D$@9\$Ts
@.data
D$$@]C
dc'lVQ
dddd, MMMM dd, yyyy
D$dj0j
D$dPhT
D$DRWP
D$|+D$tU-
D$DWVP
D$(;E<
December
DecodePointer
`default constructor closure'
 delete
 delete[]
Delete
DeleteCriticalSection
DeleteFileA
D*#feFt
D$h9]4t(
D$H:D$ t&
D$HPQR
d$HSPUW
D$HSUVW
d$(j!hD
D$L9|$`s
D$lhPtM
D$lQUSRP
D$LSUVW
D$<MIO
D$($mJ
DOMAIN error
D$P<mJ
D$PPSSj
D$PPWVQ
D$<PQf
D$(PQR
D$\PSh
D$\PWQ
\$dPWQRV
D$(PWUV
D$,QRP
|Dqt5f
D$@RVP
d$,RWV
D$ SPV
D$ SPW
D$`SUVW
D$<SUVW
D$(SUVW
D$\SUVW
D$`SVW
D$<SVW
D$ SVW
D$(SVW
D$@SVW
;D$$tm
;D$$tm)\$$
D$TPQV
D$TPQVSS
D$TPWS
D$TSVW
DUBvIg
dutch-belgian
D$ VSUP
+D$|W+
D$X95<tM
D$xSVW
D$xWPQR
`dynamic atexit destructor for '
`dynamic initializer for '
E0q5YD
e3+>Qm
]e8)j}
e*8(jK
Ee=oJF
`eh vector constructor iterator'
`eh vector copy constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`eh vector vbase copy constructor iterator'
EjU4IOR:s
ElSVWP
|e&MlmbOe
EnableWindow
EncodePointer
EndDialog
EndPaint
england
english-american
english-aus
english-belize
english-can
english-caribbean
english-ire
english-jamaica
english-nz
english-south africa
english-trinidad y tobago
english-uk
english-us
english-usa
EnterCriticalSection
EnumSystemLocalesA
EpSVWP
E"UoT^
ExitProcess
F09n(u
}F~4TQ
F56`KL
F5_D-S~
F;5`}M
F604ny
__fastcall
February
*;fEpr
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindResourceA
- floating point support not loaded
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
ForceRemove
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
french-belgian
french-canadian
french-luxembourg
french-swiss
Friday
^F<-uB
f|XJk.
GAIsProcessorFeaturePresent
GDI32.dll
GdRK11
german-austrian
german-lichtenstein
german-luxembourg
german-swiss
GetACP
GetActiveWindow
GetClipRgn
GetCommandLineA
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetCPInfo
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetCursor
GetDCBrushColor
GetDCPenColor
GetDialogBaseUnits
GetDlgItem
GetDlgItemInt
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentStringsW
GetExitCodeProcess
GetFileAttributesA
GetFileTime
GetFileType
GetFontLanguageInfo
GetFontUnicodeRanges
GetForegroundWindow
GetFullPathNameA
GetGraphicsMode
GetKeyboardType
GetLastActivePopup
GetLastError
GetLocaleInfoA
GetLocaleInfoW
GetMapMode
GetMenu
GetMenuCheckMarkDimensions
GetMenuContextHelpId
GetMenuItemID
GetMenuState
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetNearestColor
GetNearestPaletteIndex
GetObjectType
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessId
GetProcessWindowStation
GetPropA
GetQueueStatus
GetRandomRgn
GetScrollPos
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemPaletteUse
GetSystemTimeAsFileTime
GetTextAlign
GetTextCharacterExtra
GetTextCharset
GetTextCharsetInfo
GetTextColor
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetUserObjectInformationA
GetVersion
GetWindowContextHelpId
GetWindowDC
G)g[D	
g+KoyO
GlobalAlloc
GlobalFlags
GlobalHandle
GlobalSize
GNR_c'
GR1$l\Z
great britain
GU,Gkw
GWR?q+
`h````
\$ h44K
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
`h`hhh
HH:mm:ss
HHtXHHt
HHtYHHt
\$,hl^L
holland
hong-kong
H<oor	
hOP`4vO0
H$P!}G
_hP"H<&
}HRi]P
Hvf`x>
i3jqlm
>If90t
*'<'iGlt"
ijgj]X0]
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
invalid map/set<T> iterator
invalid string position
ios_base::badbit set
ios_base::eofbit set
ios_base::failbit set
irish-english
i\rqWj
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
italian-swiss
{J1B,OKe^
j2hx]L
j`"350
j7hxVL
j7;>jE
j8hX2K
JanFebMarAprMayJunJulAugSepOctNovDec
January
JBAR%b
$-/\jc!|]
$+J'DE
jDh`[K
\$(j"h
j/h07K
j	h [L
j"hp3K
j'hPVL
j@j ^V
jkhh[L
jKhP4K
/J Og_
-j:QQP
j"^SSSSS
j!|w5QE
ka]*.b
k$.:B~F
k@%C8a
KERNEL32
KERNEL32.dll
&KhS?=
k&j\qh5
kq0u8f
L$0_^3
L$@_[3
L$4PQUVh
L$4Sj"
L$4SSj
L$8j2Q
L$8QPS
\$L9\$4
\$L9|$Dr
L$`9L$X|
L9t$Tr
la12iR
LC_ALL
LC_COLLATE
LC_CTYPE
LCMapStringA
LCMapStringW
LC_MONETARY
LC_NUMERIC
LC_TIME
lcV^!o
L$d_^[3
L$DURPVQ
LeaveCriticalSection
LeG ;1C-E
l+eJDl
L$hQPW
\$LjBh
L$<j!h
L$ j@Q
L$L_^[3
lMuTcA
LoadIconA
LoadLibraryA
LoadResource
LocalAlloc
LocalFlags
`local static guard'
`local static thread guard'
`local vftable'
`local vftable constructor closure'
LockResource
L$p_^]3
L$Ph0u
L$@PQ3
L$pQPh
L$pRSPQVW
l$pVW3
L$$Qj$
L$(QjKU
L$(QRf
L$<QRj
L$ QUV
L$$QUVR
L$(QVP
L$`QVWj
L$@QWR
l|R}i[bH
L$(SU;
L$T_^][3
L$tj	h
L$tQRPh
L$TQRVWW
L$TQWV
L$\<+t'<-t#<0u
L$ <-u
L$(UVWP
@LVbAe
l$,VWU
L$ WQP
l.).x9T
L$xRSPQWV
M0`Hm/y
M4w9gu
`managed vector constructor iterator'
`managed vector copy constructor iterator'
`managed vector destructor iterator'
map/set<T> too long
MessageBoxA
)=MfB2|
mh~4b;
Microsoft Visual C++ Runtime Library
[mIVcS
MM/dd/yy
!/M%Ml
m$N|~H'
^+m*NkT
`m{O4 
Monday
MoveFileA
MoveWindow
MqD~=4
MultiByteToWideChar
n#&=|*
 new[]
new-zealand
n~@\j>]
nN'\7a
NoRemove
norwegian
norwegian-bokmal
norwegian-nynorsk
Norwegian-Nynorsk
- not enough space for arguments
- not enough space for environment
- not enough space for locale information
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
NpnEpP
)n%Q!4
"|nq`O
(null)
n<(vZFD
;O47j'
obB)74
obm(IO
October
O.d	.!
OLEAUT32.dll
`omni callsig'
operator
+oPy{:
ou&tZSQ$
O|xWE 
__pascal
-pKN_3
`placement delete closure'
`placement delete[] closure'
Please contact the application's support team for more information.
P Lgr9
plxb<A
portuguese-brazilian
PostMessageA
p%#	[p~GM
PPPPPPPP
|$ PQj
PQSUVW
pr china
pr-china
Program: 
<program name unknown>
	PR/uT
-prW,W
PShH0K
__ptr64
puerto-rico
- pure virtual function call
*PZ	m>x
]Q;):>>
Qdc}^f
.q*E>qx{M
\$ Qj$
qm=`JK
Qon3dqI
QQSVWd
QR9\$ 
QShH0K
QSSSSSSh 
q<tfHe
QueryPerformanceCounter
RaiseException
`.rdata
ReadFile
__restrict
R O~QoL
r*qMA:
=R,s-u
RtlUnwind
runtime error 
Runtime Error!
Rv=5p-$
]S]2E!{qKC
S>'{_{7
Saturday
`scalar deleting destructor'
	SD@SqL
SendMessageA
September
SetDlgItemTextA
SetEndOfFile
SetEnvironmentVariableA
SetFilePointer
SetFocus
SetHandleCount
SetLastError
SetPixel
SetStdHandle
SetTextColor
SetTextJustification
SetUnhandledExceptionFilter
SetWindowTextA
+sH] d
}+_Si_h
SING error
slovak
south africa
south-africa
south korea
south-korea
spanish-argentina
spanish-bolivia
spanish-chile
spanish-colombia
spanish-costa rica
spanish-dominican republic
spanish-ecuador
spanish-el salvador
spanish-guatemala
spanish-honduras
spanish-mexican
spanish-modern
spanish-nicaragua
spanish-panama
spanish-paraguay
spanish-peru
spanish-puerto rico
spanish-uruguay
spanish-venezuela
sRjXJ5iU
SRUQWP
s[S;7|G;w
ssd'B&
~+SSSh
}?SSSh
^SSSSS
__stdcall
`string'
string too long
Sunday
SunMonTueWedThuFriSat
swedish-finland
s>.\W/g|
sx#4-%
sXD2a:\
SystemRoot
;|$$t	
\$ ;\$(t
t$0WSP3
T2.69]3
t2hhvM
T$4jlR
T$4j@R
t$4PSJV
T$4SSj
t6PZXu
T$8j2R
T$8QWR
t$8WPR
t$$9^(t
t$$9^(t:
t$$9^(t#
ta:4T"
TerminateProcess
t=FA9]
_tfc;o`YD
tGHt.Ht&
(</t$h
+t HHt
This application has requested the Runtime to terminate it in an unusual way.
__thiscall
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
!This program cannot be run in DOS mode.
t>h\mJ
T$hQ-b
T$HRVf
t>htmJ
Thursday
tIj"[:
t$(j4f
< tK<	tG
TLOSS error
T$LQWR
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
<\tM</tI
T<~p-\
T$PRQP
T$pRSPV
T$|PSQRWV
T$$PVR
t$PWPh
T$(QRV
tR99u2
T$(Rh?
trinidad & tobago
T$(RPj
t$(RQPV
T$@RSP
trv4tL
T$ RVVj
t"SS9]
t,SSSh
t:SSVh@@@
T$ SUV
T$$SVW
<+t(<-t$:
TtL8'f
T$TRPV
T$TRPVS
T$TRPVSS
T$TRWV
t$<"u	3
Tuesday
;t$,v-
T$$Vj"
T$ VRf
t VV9u
t$$VWS
.TW]RDq=y5
t+WWVPV
T$xVSQR
 Type Descriptor'
`typeof'
:tZV/wE
U2d{mC
>:u8FV
u<9\$8t6
{u%ab.
u<b|8`
uDj	h,
uDSSSh
`udt returning'
ufj	hT
Ug'[rAF
- unable to initialize heap
- unable to open console device
__unaligned
- unexpected heap error
- unexpected multithread lock error
UnhandledExceptionFilter
UNICODE
united-kingdom
united-states
Unknown exception
{uOU8:'W
UpdateColors
UQPXY]Y[
uqSSSSS
URPQQh|RI
;UR#`*)RA
>uS=!;
USER32.dll
USER32.DLL
u[SSSP
@%,U/T
UTF-16LE
u,VVWV
UxPWRS
U	/Ydn
V 1T$,j
v7-q;%
#vao7e
`vbase destructor'
v(BnBf~\
`vbtable'
`vcall'
`vector constructor iterator'
`vector copy constructor iterator'
`vector deleting destructor'
`vector destructor iterator'
`vector vbase constructor iterator'
`vector vbase copy constructor iterator'
 VFHQCW
`vftable'
VirtualAlloc
`virtual displacement map'
VirtualFree
\$<Vj	
v	N+D$
vrHgQ9
{v$}t#
_VVVVV
VVVVVQRSSj
V=]W6Z!A
VWbKR)
VzfQ+-
W8CwMM
W9jL/9x
WaitForSingleObject
WBa3Hz
wbYON{
Wednesday
WideCharToMultiByte
WindowFromDC
|$$Wj"
$<wkf*
WpKZu_RU
WriteConsoleA
WriteConsoleW
WriteFile
Wr%!U~
WRWWWh
^WWWWW
x3=|/*
x}-3yb
XDqw,"
xD,Vga
#X:ea}
X<g{k<
XO3#y#
xppwpp
xpxxxx
~xSSPh0
<xtX<XtT
#X}uu2^Q
~$_^]Y
y%]1bcj
{@y4f_u
Y6*U&v
'ye4Yr
Y^H/)j
Y'O&lI%
YqRdUX
Y`R)W~
>=Yt1j
:yTMO\
Y<\u#j\V
yYp*Oe
YYZ+ d
z<|8=}
\zcq.+n8
:z*f6DYm
ZK0duaV
zR(w{D5
ZSau2Z
#{zt44