Analysis | #totalhash

Analysis Date	2014-10-14 23:35:24
MD5	4cc51b22d42dfc88c4b73f4be93c6585
SHA1	5e35ee3169a7643ccee7443586004c11a18e6e4b

Static Details:

File type	PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section	.text md5: 7a92dd105215517a6113144e039b30eb sha1: 3c294c24e3ddfb4b46f7dd74ba2c13ae57461975 size: 119296
Section	.rdata md5: a9c58153feb3779a10f713e209eb934c sha1: 2d2adceb95985e712603b1e8a524f6bbb36016be size: 16384
Section	.data md5: e1f2bd93e0de81a688b4e7c215187a02 sha1: 12d8eea127a11b198705f734c22533b6e9d8a379 size: 17408
Timestamp	2014-01-22 06:47:36
Packer	Microsoft Visual C++ ?.?
PEhash	36a851361c4955f2482844203862b6b759694e49
IMPhash	cbdac7aa60ddcaee4067ba192.168.1.161
AV	360 Safe	Gen:Variant.Symmi.42055
AV	Ad-Aware	Gen:Variant.Symmi.42055
AV	Alwil (avast)	Agent-ATXF [Trj]
AV	Arcabit (arcavir)	no_virus
AV	Authentium	W32/Agent.NK2.gen!Eldorado
AV	Avira (antivir)	TR/Crypt.ZPACK.Gen8
AV	BullGuard	Gen:Variant.Symmi.42055
AV	CA (E-Trust Ino)	no_virus
AV	CAT (quickheal)	no_virus
AV	ClamAV	no_virus
AV	Dr. Web	no_virus
AV	Emsisoft	Gen:Variant.Symmi.42055
AV	Eset (nod32)	Win32/Agent.VNC
AV	Fortinet	W32/Agent.VNC!tr
AV	Frisk (f-prot)	no_virus
AV	F-Secure	Gen:Variant.Symmi.42055
AV	Grisoft (avg)	Generic_r.DMC
AV	Ikarus	Trojan.FBLock
AV	K7	no_virus
AV	Kaspersky	Trojan.Win32.Generic:Trojan.Win32.PEF.pf.silent.347637:Trojan.Win32.PEF.pf.silent.348577:Trojan.Win32.PEF.pf.silent.349247:Trojan.Win32.PEF.pf.silent.349979:Trojan.Win32.PEF.pf.silent.378627:Trojan.Win32.PEF.pf.silent.379268:Trojan.Win32.PEF.pf.silent.380179:Trojan.Win32.PEF.pf.silent.380996:Trojan.Win32.PEF.pf.silent.433356:Trojan.Win32.PEF.pf.silent.453058
AV	MalwareBytes	Trojan.Agent
AV	Mcafee	Generic-FAOV!4CC51B22D42D
AV	Microsoft Security Essentials	no_virus
AV	MicroWorld (escan)	Gen:Variant.Symmi.42055
AV	Norman	no_virus
AV	Rising	no_virus
AV	Sophos	Troj/Bckdr-RRM
AV	Symantec	no_virus
AV	Trend Micro	no_virus
AV	VirusBlokAda (vba32)	no_virus
AV	Yara APT	no_virus
AV	Zillya!	no_virus

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Registry	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Secure Launcher Parental BitLocker ➝ C:\Documents and Settings\Administrator\Application Data\xpmxnrwfhxq\pbkndwqkjck.exe
Creates File	C:\Documents and Settings\Administrator\Application Data\xpmxnrwfhxq\pbkndwqkjck.exe
Creates Process	C:\Documents and Settings\Administrator\Application Data\xpmxnrwfhxq\pbkndwqkjck.exe

Process
↳ C:\Documents and Settings\Administrator\Application Data\xpmxnrwfhxq\pbkndwqkjck.exe

Creates File	C:\Documents and Settings\Administrator\Application Data\xpmxnrwfhxq\pbkndwqkjck.ki
Creates File	C:\Documents and Settings\Administrator\Application Data\xpmxnrwfhxq\msnkooqsms.exe
Creates File	\Device\Afd\Endpoint
Creates Process	WATCHDOGPROC "C:\Documents and Settings\Administrator\Application Data\xpmxnrwfhxq\pbkndwqkjck.exe"

Process
↳ WATCHDOGPROC "C:\Documents and Settings\Administrator\Application Data\xpmxnrwfhxq\pbkndwqkjck.exe"

Network Details:

DNS	thinkready.net Type: A 208.109.181.72
DNS	thinkpeople.net Type: A 50.63.202.54
DNS	collegeready.net Type: A 192.254.214.203
DNS	chiefpeople.net Type: A 50.63.202.52
DNS	collegepeople.net Type: A 50.87.149.136
DNS	middlepeople.net Type: A 184.168.221.23
DNS	morningpeople.net Type: A 66.96.160.151
DNS	strangepeople.net Type: A 112.140.180.152
DNS	historypeople.net Type: A 217.69.38.152
DNS	weatherready.net Type: A 96.8.81.132
DNS	weatherready.net Type: A 96.8.82.132
DNS	weatherready.net Type: A 96.8.83.132
DNS	weatherready.net Type: A 96.8.84.132
DNS	weatherready.net Type: A 96.8.85.132
DNS	weatherready.net Type: A 96.8.80.132
DNS	classpeople.net Type: A 149.47.67.151
DNS	thinknation.net Type: A 50.63.202.14
DNS	collegenation.net Type: A 112.125.17.103
DNS	thickexplain.net Type: A
DNS	classexplain.net Type: A
DNS	thickbright.net Type: A
DNS	classbright.net Type: A
DNS	thickinside.net Type: A
DNS	classinside.net Type: A
DNS	presentready.net Type: A
DNS	thinkbrown.net Type: A
DNS	presentbrown.net Type: A
DNS	presentpeople.net Type: A
DNS	thinkdaughter.net Type: A
DNS	presentdaughter.net Type: A
DNS	chiefready.net Type: A
DNS	chiefbrown.net Type: A
DNS	collegebrown.net Type: A
DNS	chiefdaughter.net Type: A
DNS	collegedaughter.net Type: A
DNS	oftenready.net Type: A
DNS	aloneready.net Type: A
DNS	oftenbrown.net Type: A
DNS	alonebrown.net Type: A
DNS	oftenpeople.net Type: A
DNS	alonepeople.net Type: A
DNS	oftendaughter.net Type: A
DNS	alonedaughter.net Type: A
DNS	middleready.net Type: A
DNS	twelveready.net Type: A
DNS	middlebrown.net Type: A
DNS	twelvebrown.net Type: A
DNS	twelvepeople.net Type: A
DNS	middledaughter.net Type: A
DNS	twelvedaughter.net Type: A
DNS	ratherready.net Type: A
DNS	morningready.net Type: A
DNS	ratherbrown.net Type: A
DNS	morningbrown.net Type: A
DNS	ratherpeople.net Type: A
DNS	ratherdaughter.net Type: A
DNS	morningdaughter.net Type: A
DNS	strangeready.net Type: A
DNS	historyready.net Type: A
DNS	strangebrown.net Type: A
DNS	historybrown.net Type: A
DNS	strangedaughter.net Type: A
DNS	historydaughter.net Type: A
DNS	amountready.net Type: A
DNS	amountbrown.net Type: A
DNS	weatherbrown.net Type: A
DNS	amountpeople.net Type: A
DNS	weatherpeople.net Type: A
DNS	amountdaughter.net Type: A
DNS	weatherdaughter.net Type: A
DNS	thickready.net Type: A
DNS	classready.net Type: A
DNS	thickbrown.net Type: A
DNS	classbrown.net Type: A
DNS	thickpeople.net Type: A
DNS	thickdaughter.net Type: A
DNS	classdaughter.net Type: A
DNS	presentnation.net Type: A
DNS	thinksoldier.net Type: A
DNS	presentsoldier.net Type: A
DNS	thinkplease.net Type: A
DNS	presentplease.net Type: A
DNS	thinkcondition.net Type: A
DNS	presentcondition.net Type: A
DNS	chiefnation.net Type: A
DNS	chiefsoldier.net Type: A
DNS	collegesoldier.net Type: A
DNS	chiefplease.net Type: A
DNS	collegeplease.net Type: A
DNS	chiefcondition.net Type: A
HTTP GET	http://thinkready.net/forum/search.php?email=lucocarta@yahoo.com&method=post User-Agent:
HTTP GET	http://thinkpeople.net/forum/search.php?email=lucocarta@yahoo.com&method=post User-Agent:
HTTP GET	http://collegeready.net/forum/search.php?email=lucocarta@yahoo.com&method=post User-Agent:
HTTP GET	http://chiefpeople.net/forum/search.php?email=lucocarta@yahoo.com&method=post User-Agent:
HTTP GET	http://collegepeople.net/forum/search.php?email=lucocarta@yahoo.com&method=post User-Agent:
HTTP GET	http://middlepeople.net/forum/search.php?email=lucocarta@yahoo.com&method=post User-Agent:
HTTP GET	http://morningpeople.net/forum/search.php?email=lucocarta@yahoo.com&method=post User-Agent:
HTTP GET	http://strangepeople.net/forum/search.php?email=lucocarta@yahoo.com&method=post User-Agent:
HTTP GET	http://historypeople.net/forum/search.php?email=lucocarta@yahoo.com&method=post User-Agent:
HTTP GET	http://weatherready.net/forum/search.php?email=lucocarta@yahoo.com&method=post User-Agent:
HTTP GET	http://classpeople.net/forum/search.php?email=lucocarta@yahoo.com&method=post User-Agent:
HTTP GET	http://thinknation.net/forum/search.php?email=lucocarta@yahoo.com&method=post User-Agent:
HTTP GET	http://collegenation.net/forum/search.php?email=lucocarta@yahoo.com&method=post User-Agent:
Flows TCP	192.168.1.1:1031 ➝ 208.109.181.72:80
Flows TCP	192.168.1.1:1032 ➝ 50.63.202.54:80
Flows TCP	192.168.1.1:1033 ➝ 192.254.214.203:80
Flows TCP	192.168.1.1:1034 ➝ 50.63.202.52:80
Flows TCP	192.168.1.1:1035 ➝ 50.87.149.136:80
Flows TCP	192.168.1.1:1036 ➝ 184.168.221.23:80
Flows TCP	192.168.1.1:1037 ➝ 66.96.160.151:80
Flows TCP	192.168.1.1:1038 ➝ 112.140.180.152:80
Flows TCP	192.168.1.1:1039 ➝ 217.69.38.152:80
Flows TCP	192.168.1.1:1040 ➝ 96.8.81.132:80
Flows TCP	192.168.1.1:1041 ➝ 149.47.67.151:80
Flows TCP	192.168.1.1:1042 ➝ 50.63.202.14:80
Flows TCP	192.168.1.1:1043 ➝ 112.125.17.103:80

Raw Pcap

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6c75636f   h.php?email=luco
0x00000020 (00032)   63617274 61407961 686f6f2e 636f6d26   carta@yahoo.com&
0x00000030 (00048)   6d657468 6f643d70 6f737420 48545450   method=post HTTP
0x00000040 (00064)   2f312e30 0d0a4163 63657074 3a202a2f   /1.0..Accept: */
0x00000050 (00080)   2a0d0a43 6f6e6e65 6374696f 6e3a2063   *..Connection: c
0x00000060 (00096)   6c6f7365 0d0a486f 73743a20 7468696e   lose..Host: thin
0x00000070 (00112)   6b726561 64792e6e 65740d0a 0d0a       kready.net....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6c75636f   h.php?email=luco
0x00000020 (00032)   63617274 61407961 686f6f2e 636f6d26   carta@yahoo.com&
0x00000030 (00048)   6d657468 6f643d70 6f737420 48545450   method=post HTTP
0x00000040 (00064)   2f312e30 0d0a4163 63657074 3a202a2f   /1.0..Accept: */
0x00000050 (00080)   2a0d0a43 6f6e6e65 6374696f 6e3a2063   *..Connection: c
0x00000060 (00096)   6c6f7365 0d0a486f 73743a20 7468696e   lose..Host: thin
0x00000070 (00112)   6b70656f 706c652e 6e65740d 0a0d0a     kpeople.net....

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6c75636f   h.php?email=luco
0x00000020 (00032)   63617274 61407961 686f6f2e 636f6d26   carta@yahoo.com&
0x00000030 (00048)   6d657468 6f643d70 6f737420 48545450   method=post HTTP
0x00000040 (00064)   2f312e30 0d0a4163 63657074 3a202a2f   /1.0..Accept: */
0x00000050 (00080)   2a0d0a43 6f6e6e65 6374696f 6e3a2063   *..Connection: c
0x00000060 (00096)   6c6f7365 0d0a486f 73743a20 636f6c6c   lose..Host: coll
0x00000070 (00112)   65676572 65616479 2e6e6574 0d0a0d0a   egeready.net....
0x00000080 (00128)                                         

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6c75636f   h.php?email=luco
0x00000020 (00032)   63617274 61407961 686f6f2e 636f6d26   carta@yahoo.com&
0x00000030 (00048)   6d657468 6f643d70 6f737420 48545450   method=post HTTP
0x00000040 (00064)   2f312e30 0d0a4163 63657074 3a202a2f   /1.0..Accept: */
0x00000050 (00080)   2a0d0a43 6f6e6e65 6374696f 6e3a2063   *..Connection: c
0x00000060 (00096)   6c6f7365 0d0a486f 73743a20 63686965   lose..Host: chie
0x00000070 (00112)   6670656f 706c652e 6e65740d 0a0d0a0a   fpeople.net.....
0x00000080 (00128)                                         

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6c75636f   h.php?email=luco
0x00000020 (00032)   63617274 61407961 686f6f2e 636f6d26   carta@yahoo.com&
0x00000030 (00048)   6d657468 6f643d70 6f737420 48545450   method=post HTTP
0x00000040 (00064)   2f312e30 0d0a4163 63657074 3a202a2f   /1.0..Accept: */
0x00000050 (00080)   2a0d0a43 6f6e6e65 6374696f 6e3a2063   *..Connection: c
0x00000060 (00096)   6c6f7365 0d0a486f 73743a20 636f6c6c   lose..Host: coll
0x00000070 (00112)   65676570 656f706c 652e6e65 740d0a0d   egepeople.net...
0x00000080 (00128)   0a                                    .

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6c75636f   h.php?email=luco
0x00000020 (00032)   63617274 61407961 686f6f2e 636f6d26   carta@yahoo.com&
0x00000030 (00048)   6d657468 6f643d70 6f737420 48545450   method=post HTTP
0x00000040 (00064)   2f312e30 0d0a4163 63657074 3a202a2f   /1.0..Accept: */
0x00000050 (00080)   2a0d0a43 6f6e6e65 6374696f 6e3a2063   *..Connection: c
0x00000060 (00096)   6c6f7365 0d0a486f 73743a20 6d696464   lose..Host: midd
0x00000070 (00112)   6c657065 6f706c65 2e6e6574 0d0a0d0a   lepeople.net....
0x00000080 (00128)   0a                                    .

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6c75636f   h.php?email=luco
0x00000020 (00032)   63617274 61407961 686f6f2e 636f6d26   carta@yahoo.com&
0x00000030 (00048)   6d657468 6f643d70 6f737420 48545450   method=post HTTP
0x00000040 (00064)   2f312e30 0d0a4163 63657074 3a202a2f   /1.0..Accept: */
0x00000050 (00080)   2a0d0a43 6f6e6e65 6374696f 6e3a2063   *..Connection: c
0x00000060 (00096)   6c6f7365 0d0a486f 73743a20 6d6f726e   lose..Host: morn
0x00000070 (00112)   696e6770 656f706c 652e6e65 740d0a0d   ingpeople.net...
0x00000080 (00128)   0a                                    .

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6c75636f   h.php?email=luco
0x00000020 (00032)   63617274 61407961 686f6f2e 636f6d26   carta@yahoo.com&
0x00000030 (00048)   6d657468 6f643d70 6f737420 48545450   method=post HTTP
0x00000040 (00064)   2f312e30 0d0a4163 63657074 3a202a2f   /1.0..Accept: */
0x00000050 (00080)   2a0d0a43 6f6e6e65 6374696f 6e3a2063   *..Connection: c
0x00000060 (00096)   6c6f7365 0d0a486f 73743a20 73747261   lose..Host: stra
0x00000070 (00112)   6e676570 656f706c 652e6e65 740d0a0d   ngepeople.net...
0x00000080 (00128)   0a                                    .

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6c75636f   h.php?email=luco
0x00000020 (00032)   63617274 61407961 686f6f2e 636f6d26   carta@yahoo.com&
0x00000030 (00048)   6d657468 6f643d70 6f737420 48545450   method=post HTTP
0x00000040 (00064)   2f312e30 0d0a4163 63657074 3a202a2f   /1.0..Accept: */
0x00000050 (00080)   2a0d0a43 6f6e6e65 6374696f 6e3a2063   *..Connection: c
0x00000060 (00096)   6c6f7365 0d0a486f 73743a20 68697374   lose..Host: hist
0x00000070 (00112)   6f727970 656f706c 652e6e65 740d0a0d   orypeople.net...
0x00000080 (00128)   0a                                    .

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6c75636f   h.php?email=luco
0x00000020 (00032)   63617274 61407961 686f6f2e 636f6d26   carta@yahoo.com&
0x00000030 (00048)   6d657468 6f643d70 6f737420 48545450   method=post HTTP
0x00000040 (00064)   2f312e30 0d0a4163 63657074 3a202a2f   /1.0..Accept: */
0x00000050 (00080)   2a0d0a43 6f6e6e65 6374696f 6e3a2063   *..Connection: c
0x00000060 (00096)   6c6f7365 0d0a486f 73743a20 77656174   lose..Host: weat
0x00000070 (00112)   68657272 65616479 2e6e6574 0d0a0d0a   herready.net....
0x00000080 (00128)   0a                                    .

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6c75636f   h.php?email=luco
0x00000020 (00032)   63617274 61407961 686f6f2e 636f6d26   carta@yahoo.com&
0x00000030 (00048)   6d657468 6f643d70 6f737420 48545450   method=post HTTP
0x00000040 (00064)   2f312e30 0d0a4163 63657074 3a202a2f   /1.0..Accept: */
0x00000050 (00080)   2a0d0a43 6f6e6e65 6374696f 6e3a2063   *..Connection: c
0x00000060 (00096)   6c6f7365 0d0a486f 73743a20 636c6173   lose..Host: clas
0x00000070 (00112)   7370656f 706c652e 6e65740d 0a0d0a0a   speople.net.....
0x00000080 (00128)                                         

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6c75636f   h.php?email=luco
0x00000020 (00032)   63617274 61407961 686f6f2e 636f6d26   carta@yahoo.com&
0x00000030 (00048)   6d657468 6f643d70 6f737420 48545450   method=post HTTP
0x00000040 (00064)   2f312e30 0d0a4163 63657074 3a202a2f   /1.0..Accept: */
0x00000050 (00080)   2a0d0a43 6f6e6e65 6374696f 6e3a2063   *..Connection: c
0x00000060 (00096)   6c6f7365 0d0a486f 73743a20 7468696e   lose..Host: thin
0x00000070 (00112)   6b6e6174 696f6e2e 6e65740d 0a0d0a0a   knation.net.....
0x00000080 (00128)                                         

0x00000000 (00000)   47455420 2f666f72 756d2f73 65617263   GET /forum/searc
0x00000010 (00016)   682e7068 703f656d 61696c3d 6c75636f   h.php?email=luco
0x00000020 (00032)   63617274 61407961 686f6f2e 636f6d26   carta@yahoo.com&
0x00000030 (00048)   6d657468 6f643d70 6f737420 48545450   method=post HTTP
0x00000040 (00064)   2f312e30 0d0a4163 63657074 3a202a2f   /1.0..Accept: */
0x00000050 (00080)   2a0d0a43 6f6e6e65 6374696f 6e3a2063   *..Connection: c
0x00000060 (00096)   6c6f7365 0d0a486f 73743a20 636f6c6c   lose..Host: coll
0x00000070 (00112)   6567656e 6174696f 6e2e6e65 740d0a0d   egenation.net...
0x00000080 (00128)   0a                                    .

Strings

.
-E-
-0
-0010+-0
0
-0
CC
.00-+ 
.
-e-
. 
\
 
00
.
:\
:..
...........?- 
0
0
0
0
-
]#
u
E(null)
                                 H
         (((((                  H
         h((((                  H
jjjjh
KERNEL32.DLL
mscoree.dll
                          
\$ _^[
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
0A@@Ju
0SSSSS
0WWWWW
1#QNAN
1#SNAN
4I~:Vj2f
5|[ rk
`*'6LoSLBf
|$>8\$=
8[-/Ig
8VVVVV
a6/No@
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
ADVAPI32.dll
An application has made an attempt to load the C runtime library incorrectly.
<at9<rt,<wt
- Attempt to initialize the CRT more than once.
- Attempt to use MSIL code from this assembly during native code initialization
August
.?AVbad_alloc@std@@
.?AVbad_exception@std@@
.?AVexception@std@@
.?AVlength_error@std@@
.?AVlogic_error@std@@
.?AVout_of_range@std@@
.?AVtype_info@@
}:)(b"1(-
bad allocation
bad exception
 Base Class Array'
 Base Class Descriptor at (
__based(
Bbp}ZJ
BeginPaint
B+j h\QB
bZAX1-
__cdecl
CheckMenuItem
 Class Hierarchy Descriptor'
CloseHandle
__clrcall
CompareStringA
CompareStringW
 Complete Object Locator'
CONOUT$
`copy constructor closure'
CopyFileA
CorExitProcess
CreateDIBPatternBrush
CreateDirectoryA
CreateEventA
CreateFileA
CreateIconFromResourceEx
CreateProcessA
CreateRectRgnIndirect
CreateStreamOnHGlobal
CreateThread
CreateToolhelp32Snapshot
CreateWindowExA
- CRT not initialized
CZ,lUBQ
D$(_^][
D$$[_^]
D$,_^][3
D$8SVW
@.data
D$ +D$(
dddd, MMMM dd, yyyy
December
DecodePointer
`default constructor closure'
DefWindowProcA
 delete
 delete[]
Delete
DeleteColorSpace
DeleteCriticalSection
D$H;D$L
D$Hp^@
D$HPQV
D$HPQVWW
DispatchMessageA
D$L+D$D
DOMAIN error
D$P+D$H+
DPtoLP
D$,PVS
D$<QWRPS
D$ SVP
D$TSUVW3
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector constructor iterator'
`eh vector copy constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`eh vector vbase copy constructor iterator'
EncodePointer
EndPaint
EnterCriticalSection
ExitProcess
__fastcall
February
FhRD(`
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
- floating point support not loaded
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
ForceRemove
FreeEnvironmentStringsA
FreeEnvironmentStringsW
Friday
^F<-uB
GAIsProcessorFeaturePresent
GDI32.dll
GetACP
GetActiveWindow
GetCommandLineA
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetCPInfo
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDesktopWindow
GetDeviceCaps
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetFileSize
GetFileType
GetFullPathNameA
GetLastActivePopup
GetLastError
GetLocaleInfoA
GetMapMode
GetMessageA
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessWindowStation
GetStartupInfoA
GetStdHandle
GetStockObject
GetStringTypeA
GetStringTypeW
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetTempPathA
GetTickCount
GetTimeZoneInformation
GetTitleBarInfo
GetUserObjectInformationA
GetWindowDC
GetWindowRect
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
`h````
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
`h`hhh
HH:mm:ss
HHtXHHt
+h_/Qqo9
h}X1y{
hYn	Bwb.
i8+n3r
>If90t
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
InvalidateRect
invalid string position
IsBadReadPtr
IsDebuggerPresent
IsValidCodePage
j2hHPB
JanFebMarAprMayJunJulAugSepOctNovDec
January
j h\QB
j@j ^V
j"^SSSSS
KERNEL32
KERNEL32.dll
-^kzct5=
L$4QRV
L$8QUPV
LCMapStringA
LCMapStringW
L$dRPQ
LeaveCriticalSection
L$HQRVWW
LoadCursorA
LoadLibraryA
`local static guard'
`local static thread guard'
`local vftable'
`local vftable constructor closure'
LPtoDP
L$ QUV
L$ WQP
L$XQRP
`managed vector constructor iterator'
`managed vector copy constructor iterator'
`managed vector destructor iterator'
MapVirtualKeyExA
MessageBoxA
Microsoft Visual C++ Runtime Library
MM/dd/yy
MNh=d!
Monday
MoveWindow
MulDiv
MultiByteToWideChar
 new[]
NoRemove
- not enough space for arguments
- not enough space for environment
- not enough space for locale information
- not enough space for lowio initialization
- not enough space for _onexit/atexit table
- not enough space for stdio initialization
- not enough space for thread data
November
(null)
October
oJoy7%*s
ole32.dll
OLEAUT32.dll
`omni callsig'
OpenProcess
operator
p1kt8e
)(p7.>
__pascal
PeekMessageA
`placement delete closure'
`placement delete[] closure'
Please contact the application's support team for more information.
PostQuitMessage
PPPPPPPP
Process32First
Process32Next
Program: 
<program name unknown>
__ptr64
- pure virtual function call
Q4#t\n
QQSVWd
QueryPerformanceCounter
RaiseException
`.rdata
ReadFile
RegCloseKey
RegisterClassExA
RegOpenKeyA
RegSetValueExA
ResetEvent
__restrict
|rp:bML
RtlUnwind
runtime error 
Runtime Error!
Saturday
`scalar deleting destructor'
September
SetEndOfFile
SetEnvironmentVariableA
SetEvent
SetFileAttributesA
SetFilePointer
SetFocus
SetHandleCount
SetLastError
SetMapMode
SetStdHandle
SetUnhandledExceptionFilter
SetWindowTextA
ShowCaret
ShowWindow
SING error
SQSSSh
s[S;7|G;w
^SSSSS
__stdcall
`string'
string too long
Sunday
SunMonTueWedThuFriSat
TerminateProcess
tGHt.Ht&
t$(h8OB
+t HHt
This application has requested the Runtime to terminate it in an unusual way.
__thiscall
This indicates a bug in your application.
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
!This program cannot be run in DOS mode.
T$HRPV
Thursday
< tK<	tG
TLOSS error
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
<\tM</tI
(T,@/O
T$`QPR
tR99u2
TranslateMessage
T$<RPj
T$ RPPj
t"SS9]
<+t(<-t$:
t$<"u	3
Tuesday
;t$,v-
t$<WPR
t+WWVPV
 Type Descriptor'
`typeof'
>:u8FV
`udt returning'
UF.*Yp
~UhP=B
- unable to initialize heap
- unable to open console device
__unaligned
- unexpected heap error
- unexpected multithread lock error
UnhandledExceptionFilter
UNICODE
Unknown exception
UpdateWindow
UQPXY]Y[
URPQQhD
USER32.dll
USER32.DLL
u[SSSP
UTF-16LE
`vbase destructor'
`vbtable'
`vcall'
`vector constructor iterator'
`vector copy constructor iterator'
`vector deleting destructor'
`vector destructor iterator'
`vector vbase constructor iterator'
`vector vbase copy constructor iterator'
`vftable'
VirtualAlloc
`virtual displacement map'
VirtualFree
v	N+D$
_VVVVV
VVVVVQRSSj
WaitForSingleObject
Wednesday
WideCharToMultiByte
|^,w$}R8
WriteConsoleA
WriteConsoleW
WriteFile
WS2_32.dll
^WWWWW
xppwpp
xpxxxx
<xtX<XtT
>=Yt1j
/ZtphU6l?