Analysis Date: 2014-07-31 11:26:57
MD5: 0441494aced2c955ed26e071beeba5f7
SHA1: 5b7a33591399c7efacbea32a0fc86d9889fec040

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: 446b1e22a329dda7693a5f3c1caf42a7 sha1: 2ffb52b0eb0893bbacf86371b9ae0cae1888cbe0 size: 120320
Section: .rdata md5: 065f8121f4c487ec202f3c321c515ad9 sha1: 25d35899d91b54aaac4f435385359c6063203425 size: 16384
Section: .data md5: eabee27a483145425d08bf05bdc09c7c sha1: e397cf2aa7726fff37588e712d922d6bb137e8e4 size: 17408
Timestamp: 2014-01-22 06:27:48
Packer: Microsoft Visual C++ ?.?
PEhash: c9bf1ff6e4cb031cd7403d53dba52e624f3912d8
IMPhash: 6f523dbfaa21c310bc40cb35bd208744
AV 360 Safe: Gen:Variant.Zusy.82783
AV Ad-Aware: Gen:Variant.Zusy.82783
AV Alwil (avast): Downloader-UVH [Trj]
AV Arcabit (arcavir): no_virus
AV Authentium: no_virus
AV Avira (antivir): TR/Crypt.ZPACK.91297
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): no_virus
AV ClamAV: no_virus
AV Dr. Web: no_virus
AV Emsisoft: no_virus
AV Eset (nod32): Win32/Agent.VNC
AV Fortinet: W32/Agent.VNC!tr
AV Frisk (f-prot): no_virus
AV F-Secure: Gen:Variant.Zusy.82783
AV Grisoft (avg): Generic_r.DMB
AV Ikarus: Trojan.FBLock
AV K7: Trojan ( 004938ec1 )
AV Kaspersky: Trojan.Win32.Generic:Trojan.Win32.PEF.pf.silent.347637:Trojan.Win32.PEF.pf.silent.348577:Trojan.Win32.PEF.pf.silent.349247:Trojan.Win32.PEF.pf.silent.349979:Trojan.Win32.PEF.pf.silent.379268:Trojan.Win32.PEF.pf.silent.380996
AV MalwareBytes: Spyware.InfoStealer
AV Mcafee: Generic-FAOV!0441494ACED2
AV Microsoft Security Essentials: no_virus
AV MicroWorld (escan): Gen:Variant.Zusy.82783
AV Norman: winpe/Troj_Generic.UWROT
AV Rising: no_virus
AV Sophos: Troj/Bckdr-RRM
AV Symantec: no_virus
AV Trend Micro: no_virus
AV VirusBlokAda (vba32): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Auto Link-Layer Smart Image Agent Shadow ➝ C:\Documents and Settings\Administrator\Application Data\wedspuwt\ghzfeew.exe
Creates File: C:\Documents and Settings\Administrator\Application Data\wedspuwt\ghzfeew.exe
Creates Process: C:\Documents and Settings\Administrator\Application Data\wedspuwt\ghzfeew.exe

Process
↳ C:\Documents and Settings\Administrator\Application Data\wedspuwt\ghzfeew.exe

Creates File: C:\Documents and Settings\Administrator\Application Data\wedspuwt\fhanmlfy.exe
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\Administrator\Application Data\wedspuwt\ghzfeew.aqo
Creates Process: WATCHDOGPROC "C:\Documents and Settings\Administrator\Application Data\wedspuwt\ghzfeew.exe"

Process
↳ WATCHDOGPROC "C:\Documents and Settings\Administrator\Application Data\wedspuwt\ghzfeew.exe"

Network Details:

HTTP GET: http://partyschool.net/forum/search.php?email=emilghrgh@yahoo.com&method=post
User-Agent:
HTTP GET: http://fightschool.net/forum/search.php?email=emilghrgh@yahoo.com&method=post
User-Agent:
HTTP GET: http://experiencetraining.net/forum/search.php?email=emilghrgh@yahoo.com&method=post
User-Agent:
HTTP GET: http://alreadythrown.net/forum/search.php?email=emilghrgh@yahoo.com&method=post
User-Agent:
HTTP GET: http://summerstorm.net/forum/search.php?email=emilghrgh@yahoo.com&method=post
User-Agent:
HTTP GET: http://crowdstorm.net/forum/search.php?email=emilghrgh@yahoo.com&method=post
User-Agent:
HTTP GET: http://watertraining.net/forum/search.php?email=emilghrgh@yahoo.com&method=post
User-Agent:
HTTP GET: http://thoughtstorm.net/forum/search.php?email=emilghrgh@yahoo.com&method=post
User-Agent:
HTTP GET: http://womantraining.net/forum/search.php?email=emilghrgh@yahoo.com&method=post
User-Agent:
HTTP GET: http://fighthunger.net/forum/search.php?email=emilghrgh@yahoo.com&method=post
User-Agent:
HTTP GET: http://fighttraining.net/forum/search.php?email=emilghrgh@yahoo.com&method=post
User-Agent:

Raw Pcap

Strings